[tbb-bugs] #28147 [Applications/Tor Browser]: [meta] Improve Tor Browser Content Process Sandbox
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 1 16:26:51 UTC 2018
#28147: [meta] Improve Tor Browser Content Process Sandbox
--------------------------------------+--------------------------
Reporter: tom | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: #28146 | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by tom):
Replying to [comment:1 gk]:
> Are there corresponding Mozilla bugs somewhere because it seems to me
that this sandbox tightening is something (privacy-conscious) Firefox
users (with proxy) would maybe want to have as well? E.g. should there be
no way to steal Android device information that way from within the
content process regardless of whether Tor is used or not.
Generally, no. So far all of the things I've listed here are things we've
made to support some feature of another. It's possible (but unlikely) that
they could be dead code that we could remove, but AFAIK there are no
corresponding Mozilla bugs to do what Tor wants, because it's going to
conflict with what Mozilla wants.
My suggestion would be that as each sub-item is investigated, we see what
the use of the item is in Firefox, and determine if there is a way to
tighten the IPC layer in Firefox either generally or under certain
(existing) preferences. (With a fallback to some new preference or
preferences.) That would be the easiest way to upstream the behavior Tor
wants.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28147#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list