[tbb-dev] Tag: sandboxed-tor-browser-0.0.9
Yawning Angel
yawning at schwanenlied.me
Mon Jul 3 18:44:58 UTC 2017
Hello,
I went and tagged because getting rid of `/proc` from the firefox
container is big improvement both for security and fingerprinting
resistance.
Changes in version 0.0.9 - 2017-07-03:
* Bug 22712: Suppress ATK Bridge initialization which will never work.
* Bug 20773: Stop mounting /proc in the Tor Browser container.
* Fix the build being broken on Debian Jessie due to #22648.
* Remove the undocumented command line options that enable unsafe
behavior.
I had hoped to transition to using Tor Browser's built in AF_LOCAL
support instead of LD_PRELOADing a stub that intercepts certain calls,
but Tor Browser's (likely Firefox's) AF_LOCAL support is broken
(https://trac.torproject.org/projects/tor/ticket/22794) so this
won't happen till the next stable release after the bug is fixed at
the earliest[0]
Tested on Arch Linux, Fedora 25, Debian Jessie[1].
Regards,
--
Yawning Angel
[0]: What's the point of supporting AF_LOCAL if denying the creation of
AF_INET sockets with seccomp-bpf renders the browser non-functional?
[1]: I am aware that Stretch exists, but I can't be bothered
updating my test VM. At least I tested it that target unlike the last
release.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20170703/e0d68cb4/attachment.sig>
More information about the tbb-dev
mailing list