[tbb-bugs] #22000 [Applications/Tor Browser]: update OSX browser sandbox profile for e10s

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri May 12 21:16:15 UTC 2017

#22000: update OSX browser sandbox profile for e10s
 Reporter:  brade                                |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, tbb-security, tbb-         |  Actual Points:
  sandboxing, tbb-e10s,tbb-7.0-must-             |
  alpha,TorBrowserTeam201705                     |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4

Comment (by mcs):

 Kathy and I were hoping to come up with a quick fix for this ticket, but
 it turns out that nesting of sandbox configs is not supported on OSX. That
 means that we either need to disable Mozilla's content process sandbox or
 we need to disable our sandbox. Since it seems like there may be a way in
 our sandbox profile to say "allow exec of this specific executable and
 start it without a sandbox" and since (hopefully) Mozilla enables their
 sandbox as early as possible, the second approach is probably the one to
 use. In other words, our tb.sb profile would apply to the chrome process
 and Mozilla's built in content process sandbox rules would apply to the
 content/tab process. But we should look and see what we are giving up if
 we do that, e.g., what does Mozilla allow that we don't want to allow?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22000#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list