[tbb-dev] Tag: sandboxed-tor-browser-0.0.9
yawning at schwanenlied.me
Mon Jul 3 18:44:58 UTC 2017
I went and tagged because getting rid of `/proc` from the firefox
container is a big improvement both for security and fingerprinting
Changes in version 0.0.9 - 2017-07-03:
* Bug 22712: Suppress ATK Bridge initialization which will never work.
* Bug 20773: Stop mounting /proc in the Tor Browser container.
* Fix the build being broken on Debian Jessie due to #22648.
* Remove the undocumented command line options that enable unsafe
I had hoped to transition to using Tor Browser's built in AF_LOCAL
support instead of LD_PRELOADing a stub that intercepts certain calls,
but Tor Browser's (likely Firefox's) AF_LOCAL support is broken
(https://trac.torproject.org/projects/tor/ticket/22794) so this
won't happen till the next stable release after the bug is fixed at
Tested on Arch Linux, Fedora 25, Debian Jessie.
: What's the point of supporting AF_LOCAL if denying the creation of
AF_INET sockets with seccomp-bpf renders the browser non-functional?
: I am aware that Stretch exists, but I can't be bothered
updating my test VM. At least I tested it on that target unlike the last