[tbb-dev] So, about the Linux sandbox in the long term?

Hans-Christoph Steiner hans at guardianproject.info
Tue May 30 19:59:41 UTC 2017

Nathan Freitas:
> On Tue, May 30, 2017, at 02:51 PM, Hans-Christoph Steiner wrote:
>> Tom Ritter:
>>> On 30 May 2017 at 13:22, Hans-Christoph Steiner
>>> <hans at guardianproject.info> wrote:
>>>> As for Android apps updating their own code, it is possible, and it is
>>>> occasionally done.
>>> Can it be prevented?
>> Android now sets the /data and /sdcard partitions so that code cannot be
>> executed from them.  Those are the only places that apps have permission
>> to write.  So apps cannot download and store code.  The only option is
>> to download code and keep it in RAM.
> However, we could download a new tor binary, or PTs on demand, at least
> in the current configuration, since those are just command line
> executables we unpack and store in data. You can execute binaries from
> within /data - you just need to chmod them first. It is only /sdcard
> where that is not allowed.
> I think you can also download shared libraries anywhere, and just load
> them via System.load() with an arbitrary path.
> I do agree, there is benefit from keeping the tor process in an isolated
> sandbox from the browser process. This has been the discussion we have
> been having around a core "Tor Network Services" APK, that would be
> essentially an invisible dependency much like Google Play Services.

I chatted in person with Nick Kralevich, head of Android platform
security, about this.  He really wants to disallow execution of anything
from where apps can write.  He said they had it working already.
Perhaps this is in Android O.  I haven't looked.  They might have backed
down on this one, and not included it yet.

In any case, given that the Android security team really doesn't like it
when apps download code and run it, I don't think it's a good approach
for TBB/Android.  I heard that Google sees this often used in malware.


PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
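
The two accounts in this thread differ on whether /data is mounted so that code cannot be executed from it. As an added example (not part of the original message), this shell function reads /proc/mounts-format text and reports whether the filesystem holding a given path carries the noexec flag. The sample mount lines and the org.example.app path are constructed, and only the mount flag is checked.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not captured from a real device).
# On a real device /sdcard is usually a symlink; resolve it to its target first.
SAMPLE_MOUNTS='/dev/block/dm-0 /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0
/dev/fuse /sdcard fuse rw,nosuid,nodev,noexec,noatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime 0 0'

# mount_for_path PATH: read mounts-format text on stdin and print
# "mountpoint options" for the longest mount point that contains PATH.
mount_for_path() {
    awk -v p="$1" '
        {
            mp = $2
            if (mp == "/") covers = 1
            else covers = (p == mp || index(p, mp "/") == 1)
            if (covers && length(mp) > best_len) {
                best_len = length(mp); best = mp " " $4
            }
        }
        END { if (best_len > 0) print best }'
}

# exec_policy PATH: print "noexec", "exec" or "unknown" for the
# filesystem that holds PATH, based on the mount options only.
exec_policy() {
    entry=$(mount_for_path "$1")
    [ -n "$entry" ] || { echo unknown; return; }
    opts=${entry#* }            # drop the mount point, keep the options
    case ",$opts," in
        *,noexec,*) echo noexec ;;
        *)          echo exec ;;
    esac
}

# Report on the two app-writable locations discussed in the thread.
for p in /data/data/org.example.app/files /sdcard/Download; do
    printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_MOUNTS" | exec_policy "$p")"
done
```

On a device, run `exec_policy PATH < /proc/mounts` instead of piping in the sample.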