Hello,
I tagged sandboxed-tor-browser 0.0.2 (0.0.1 is also tagged, but it has a few issues), so this is the obligatory release announcement.
Official binaries should be available sometime next week, so I strongly suggest that people wait till then, unless they feel confident in installing the build time dependencies, and building the binary.
This is the non-developer alpha version of the sandboxing approach outlined in:
https://lists.torproject.org/pipermail/tor-dev/2016-September/011444.html
A lot has changed since then; the primary changes are numerous improvements to the sandbox, the addition of a graphical UI, and the removal of the "you need a tor daemon as a system service" requirement.
It is still very much an alpha (up from a proof of concept tech demo), so there will be rough edges and bugs, some potentially major.
Features:
* A Gtk+3 based UI for downloading/installing/updating Tor Browser, configuring tor, and launching the sandboxed browser. Think `tor-browser-launcher`, that happens to run Tor Browser in a bunch of containers.
* Linux seccomp-bpf + namespace based containers for Tor Browser, that attempt to prevent/mitigate exploits and reduce the amount of personally identifiable information to a minimum, centered around bubblewrap (runtime dependency).
Known system incompatibilities:
* 64 bit kernel, 32 bit userland is not supported.
* X32 (x86_64 with 32 bit pointers) is not supported. If you have to ask what this is, and how it's different from normal 32 bit x86, you don't have it.
* Systems that do not store the dynamic linker/loader cache in `/etc/ld.so.cache` in glibc 2.2 format are not supported.
* Ubuntu does not have a sufficiently recent bubblewrap package available for any current release, up to and including `yakkety` (16.10). The package that is available in `universe` SHOULD NOT be installed, and WILL NOT work.
Errata:
* On systems where gstreamer libraries are pulled in as part of the base firefox runtime dependencies, the libraries can find their way into the sandbox without the need for explicit user intervention, if "Extra Audio/Video Codecs" is enabled in the sandbox configuration.
As far as I am aware, and on the systems I have tested, none of the modern distributions have system libraries built this way. If the sandbox manages to launch Tor Browser with the option disabled, you are not affected by this.
The exact functionality, usage, and caveats are documented at: https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux
The code is at: https://gitweb.torproject.org/tor-browser/sandboxed-tor-browser.git/
Regards,
On Sat, Dec 10, 2016 at 08:52:47PM +0000, Yawning Angel wrote:
> I tagged sandboxed-tor-browser 0.0.2 (0.0.1 is also tagged, but it has a few issues), so this is the obligatory release announcement.
> Official binaries should be available sometime next week, so I strongly suggest that people wait till then, unless they feel confident in installing the build time dependencies, and building the binary.
Thanks Yawning!
I also look forward to the binaries that are coming this week. I imagine there will be some sharp edges for folks whose Linux distro doesn't easily come with the right version of bubblewrap -- so it would be great if people here could help us identify and resolve those sharp edges.
In the meantime, for those like me who are itching to get it working asap, and don't mind installing a few more debs, here are the instructions I wrote up for Jessie users -- they are quite similar to the instructions Yawning put on https://git.schwanenlied.me/yawning/sandboxed-tor-browser/wiki, but a little bit more explicit in some places so it's harder to get lost:
Do steps 1-3 as root:
1. "apt-get install build-essential git libx11-dev libgtk-3-dev"
2. Set up the system to be able to install backports: add "deb http://httpredir.debian.org/debian jessie-backports main" to your /etc/apt/sources.list file, then do "apt-get update"
3. Install golang and bubblewrap and libseccomp from backports: "apt-get -t jessie-backports install golang bubblewrap libseccomp2 libseccomp-dev"
Do steps 4-9 as the user that will be running Sandboxed Tor Browser:
4. Set GOPATH: "export GOPATH=~/.local/go"
5. Install gb: "go get github.com/constabulary/gb/..."
6. Add the directory containing the gb binary to your PATH: "export PATH=$PATH:~/.local/go/bin"
7. Clone the repo: "git clone https://git.torproject.org/tor-browser/sandboxed-tor-browser.git"
8. Compile it: "cd sandboxed-tor-browser; make"
9. Run it: "bin/sandboxed-tor-browser"
It will put its stuff in your ~/.local/share/sandboxed-tor-browser/
--Roger
On Tue, 13 Dec 2016 22:33:34 -0500 Roger Dingledine arma@mit.edu wrote:
> I also look forward to the binaries that are coming this week. I imagine there will be some sharp edges for folks whose Linux distro doesn't easily come with the right version of bubblewrap -- so it would be great if people here could help us identify and resolve those sharp edges.
The only system(s) where this is an issue as far as I know is Ubuntu and derivatives (Unless you don't trust AUR, in which case, Arch Linux also doesn't have a package).
It's worth keeping in mind that the only place (by design) that the sandbox code checks for the `bwrap` binary is `/usr/bin/bwrap` because people should be getting their bubblewrap from a trusted source, and I am envisioning a bright future when it's available as a package for all distributions.
Regards,
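An added example, not part of the thread or the project's code: a preflight script for the incompatibilities listed in the announcement and the `/usr/bin/bwrap` requirement described above. Function names and result strings are illustrative; the cache check assumes glibc's new-format magic string `glibc-ld.so.cache1.1`, and the userland check assumes `getconf` is a native userland binary.

```shell
#!/bin/sh
# Added example: function names and result strings are illustrative.

# The sandbox looks for bubblewrap only at /usr/bin/bwrap, so a copy that is
# merely on PATH (for example a local build) does not satisfy it.
check_bwrap() {
    fixed=${1:-/usr/bin/bwrap}
    if [ -x "$fixed" ]; then echo ok; return 0; fi
    other=$(command -v bwrap 2>/dev/null) || other=
    if [ -n "$other" ]; then echo "wrong-location:$other"; else echo missing; fi
    return 1
}

# A 64 bit kernel with 32 bit userland, and x32, both appear as an x86_64
# kernel whose userland has 32 bit longs (assumes getconf is a native binary).
check_userland() {
    machine=${1:-$(uname -m)}
    bits=${2:-$(getconf LONG_BIT)}
    if [ "$machine" = x86_64 ] && [ "$bits" = 32 ]; then
        echo unsupported; return 1
    fi
    echo ok
}

# The glibc 2.2 cache format is marked by the magic "glibc-ld.so.cache1.1",
# at offset 0 or following an old-format "ld.so-1.7.0" section.
check_ldcache() {
    cache=${1:-/etc/ld.so.cache}
    [ -r "$cache" ] || { echo missing; return 1; }
    if LC_ALL=C grep -qF 'glibc-ld.so.cache1.1' "$cache"; then
        echo ok
    else
        echo not-glibc-2.2-format; return 1
    fi
}

# Run every check against the local system; non-zero if any of them fails.
preflight() {
    rc=0
    for c in check_bwrap check_userland check_ldcache; do
        out=$($c) || rc=1
        printf '%-15s %s\n' "$c" "$out"
    done
    return "$rc"
}

case "${1:-}" in --run) preflight ;; esac
```

Saved to a file and run with `--run`, it prints one line per check; each function also accepts explicit arguments so it can be pointed at a different path or architecture pair.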
Roger Dingledine:
> On Sat, Dec 10, 2016 at 08:52:47PM +0000, Yawning Angel wrote:
>> I tagged sandboxed-tor-browser 0.0.2 (0.0.1 is also tagged, but it has a few issues), so this is the obligatory release announcement.
>> Official binaries should be available sometime next week, so I strongly suggest that people wait till then, unless they feel confident in installing the build time dependencies, and building the binary.
> Thanks Yawning!
> I also look forward to the binaries that are coming this week.
From now on the latest binaries we ship can easily be found on
https://www.torproject.org/projects/torbrowser.html.en#downloads-sandbox
Georg