Sorry for messing threading up, I wasn't subbed to this list.
anonym wrote:
>> It is also worth noting that Yawning created a new launcher/updater for Linux as part of his Sandboxed Tor Browser Project (it uses go, Gtk+ 3, and libnotify). https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux
> Interesting, but I wonder how much of this launcher is about setting up the sandboxes -- my fear is that it simply is designed for something else than what we want. Anyway, I haven't looked at it, I'm just speculating. :)
Well. Any decent sandboxing solution can't have firefox being the process launching the tor daemon, because that requires granting it things like network access, filesystem access to the tor data directory, etc. that it frankly has no business ever accessing.
From a security standpoint, I think that tor-launcher needs to die, and I wrote sandboxed-tor-browser accordingly. Since it's an Alpha, and I had limited time, it doesn't do everything that tor-launcher currently can; it currently supports:
* Configure a tor daemon.
* Pluggable transports (limited to that supported by obfs4proxy because I don't have a good answer for sandboxing meek/snowflake, and no one uses FTE).
* Bridges, both custom and built in.
* External network proxies (HTTPS/SOCKS4(a)/SOCKS5).
* Launch the tor daemon and monitor bootstrapping status.
* (what tor-browser-launcher does)
* (update check/fetch/apply)
* (lots of sandboxing stuff that only I care about)
Things it should have:
* i18n support (Dropped in favor of "get something done").
* Support the rest of the Pluggable Transports.
* Support user specified torrc directives (e.g. ExcludeNodes related tinfoil hattery).
* Support runtime reconfiguration. The torrc is never checkpointed to disk, and is regenerated on each launch. I don't think firefox should ever get to talk to the control port either (and sandboxed-tor-browser enforces this), so this might be somewhat tricky.
I don't think what I wrote is what people want here, because:
* It was written to only support Tor Browser.
* As you note, it has lots of stuff related to sandboxing, though in an ideal world, everything should be sandboxed.
* I used Gtk because the sandboxing implementation I wrote assumes Linux.
If I were to be the one working on a "tor-launcher" replacement, I'd probably write an external launcher, using Qt or something...
Regards,
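An added illustration, not code from sandboxed-tor-browser, of two points in the message above: a launcher that regenerates the torrc in memory on every launch (bridges, obfs4proxy, an external proxy, and deliberately no ControlPort), and one way to monitor bootstrapping without a control port, by parsing tor's own "Bootstrapped NN%" log notices. LaunchConfig, BuildTorrc, BootstrapProgress and the sample values are assumptions for this example.

```go
package main
import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)
// LaunchConfig is a hypothetical in-memory launch configuration, not the project's own type.
type LaunchConfig struct {
	DataDir   string
	SocksPort int
	Obfs4Path string   // path to obfs4proxy; required when Bridges is non-empty
	Bridges   []string // obfs4 bridge lines, i.e. what follows the "Bridge" keyword
	Proxy     string   // "https://h:p", "socks4://h:p", "socks5://h:p" or ""
}
var proxyDirective = map[string]string{"https": "HTTPSProxy", "socks4": "Socks4Proxy", "socks5": "Socks5Proxy"}
// BuildTorrc regenerates the torrc text from scratch on every launch and never emits a ControlPort directive.
func BuildTorrc(c LaunchConfig) (string, error) {
	var b strings.Builder
	fmt.Fprintf(&b, "DataDirectory %s\nSocksPort %d\nLog notice stdout\n", c.DataDir, c.SocksPort)
	if len(c.Bridges) > 0 {
		if c.Obfs4Path == "" {
			return "", fmt.Errorf("bridges configured but obfs4proxy path is empty")
		}
		fmt.Fprintf(&b, "ClientTransportPlugin obfs4 exec %s\nUseBridges 1\n", c.Obfs4Path)
		for _, br := range c.Bridges {
			fmt.Fprintf(&b, "Bridge %s\n", br)
		}
	}
	if c.Proxy != "" {
		scheme, hostport, _ := strings.Cut(c.Proxy, "://")
		if proxyDirective[scheme] == "" || hostport == "" {
			return "", fmt.Errorf("unsupported proxy %q", c.Proxy)
		}
		fmt.Fprintf(&b, "%s %s\n", proxyDirective[scheme], hostport)
	}
	return b.String(), nil
}
var bootstrapRe = regexp.MustCompile(`Bootstrapped (\d+)%`)
// BootstrapProgress returns the highest "Bootstrapped NN%" seen in tor's log lines and whether it finished.
func BootstrapProgress(lines []string) (pct int, done bool) {
	for _, l := range lines {
		if m := bootstrapRe.FindStringSubmatch(l); m != nil {
			if n, _ := strconv.Atoi(m[1]); n > pct { // digits guaranteed by the regexp
				pct = n
			}
		}
	}
	return pct, pct >= 100
}
```

Because the torrc only ever exists in memory and is rebuilt per launch, runtime reconfiguration means rebuilding it and restarting the daemon rather than editing a file on disk.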