On Tue, 30 May 2017 11:04:00 +0000 Georg Koppen <gk@torproject.org> wrote:
> Oh, and it is not only Linux, OSX and Windows we need to take into account for planning the future for our sandboxing work. Android is coming later this year as a platform for Tor Browser as well. So, if we start thinking about the need for rewriting parts of what we include into Tor Browser now (and what is planned to get included into Tor Browser for Mobile), Android requirements for sandboxing should be considered, too.
Oh boy. I don't see AppArmor working at all, though this depends on the kernel. seccomp + namespaces might work, though this also depends on how the kernel is built.
Doesn't the OS handle containerization and secure updates? Are we doing the play store thing? Is tor-launcher even relevant on that platform, or is Orbot going to continue to handle all of that?
(I suspect that Android will end up remaining as the red-headed stepchild, depending on what path makes sense for the real computer platforms.)
> That does not mean we need to have sorted out all of the problems on every platform we want to support in the future before we start working on getting The Right Thing done on a single one. However, I want to avoid a situation where we think "Damn, had I thought about platform X from the beginning I could have avoided yet another rewrite of Y".
Agreed.
> As I heard about Vidalia++ in this thread: let's not forget the failures of Vidalia (see: https://www.petsymposium.org/2012/papers/hotpets12-1-usability.pdf) when designing something new.
This seems like the major issues are primarily UI/UX related. As I mentioned on IRC, there's zero reason why the meta-process can't present something to the user that looks like tor-launcher, so I think that's the least of the worries.
> Where does that leave us? I think we should come up with a document (maybe something on the wiki) about the design idea for The Right Thing which goes into some detail explaining how this could work on all 4 (Linux, OSX, Windows, and Android) platforms, listing as many showstoppers and possible workarounds as we currently can think of, plus all the things that are already in place (like Unix domain socket support etc.).
I think the design I had in mind for what I want the Linux sandbox to be eventually would also work on OSX and Windows. No idea about Android, and I didn't bother writing much of it down because I was pressed for time. Sorry.
Regards,