[tbb-dev] Tag: sandboxed-tor-browser-0.0.8

Yawning Angel yawning at schwanenlied.me
Mon Jun 19 12:44:47 UTC 2017


Hello,

I went and tagged this, because I don't want to sit on the relatively
large #22648 change.

Changes in version 0.0.8 - 2017-06-19:
 * Bug 20776: Remove the X11 `MIT-SHM` workaround from the stub.
 * Bug 22470: Resync the bridges.
 * Bug 22607: Make it clear that basically 0 active development is
   happening.
 * Bug 22648: Prevent the "easy" to fix X11 related sandbox escapes.
 * Bug 22650: Make it clear that Pulse Audio is potentially dangerous
   to enable.

Thanks to Jann Horn of Google Project Zero for providing the report
that motivated #22648 and #22650.

Since there was some confusion, for clarity and the record, the
sandbox does not, and never has, considered most X11 or PulseAudio
related issues to be part of its current threat model, with the
exception of what (minimal if any) mitigations happen to be in place.

Both protocols likely still will allow sophisticated adversaries to do
evil.  The documentation on the trac wiki page has received updates to
clarify this situation.

The recommendation for people that are concerned about such things
always has been, and still is "Use a separate X11 isolation
option"/"Wait for Wayland to magically fix everything", and "disable
PulseAudio" support.

Note that this does not mean that I won't accept bug reports or
suggestions to improve the X11/PulseAudio situations, but as the other
change notes "Basically 0 active development is happening".

Tested on Arch Linux and Fedora 25.  If it happens to break on something
else, patches accepted.

Regards,

-- 
Yawning Angel