[tor-bugs] #14976 [Tor Browser]: Make use of SOCKSSocket in Linux+Mac TBBs
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Feb 20 20:52:20 UTC 2015
#14976: Make use of SOCKSSocket in Linux+Mac TBBs
-----------------------------------------+--------------------------
Reporter: mikeperry | Owner: tbb-team
Type: enhancement | Status: new
Priority: major | Milestone:
Component: Tor Browser | Version:
Keywords: tbb-security, tbb-4.5-alpha | Actual Points:
Parent ID: | Points:
-----------------------------------------+--------------------------
#12585 just landed in Tor 0.2.6.3. It creates a UNIX filesystem socket
that can be used instead of a TCP SOCKS port. This will allow us to
disable all networking in the Tor Browser Firefox process, which would be
a huge hardening improvement.
We can add support one of two ways: an LD_PRELOAD approach that tries to
replace all TCP socket activity with SOCKSSocket calls, or with a direct
implementation in Firefox's SOCKS layer.
I think I prefer the direct implementation in Firefox, because it will
also let our sandboxing help test for proxy leaks in the Firefox code
which may affect other platforms that don't support SOCKSSocket (like
Windows), or systems that don't have a sandbox. The LD_PRELOAD approach
won't do this for us.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14976>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list