[tor-bugs] #10943 [Tor Messenger]: Sandboxing Instantbird

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jul 21 22:41:53 UTC 2015


#10943: Sandboxing Instantbird
-------------------------------+------------------------------------------
     Reporter:  sukhbir        |      Owner:  ioerror
         Type:  task           |     Status:  new
     Priority:  normal         |  Milestone:
    Component:  Tor Messenger  |    Version:
   Resolution:                 |   Keywords:  SponsorO, TorMessengerPublic
Actual Points:                 |  Parent ID:
       Points:                 |
-------------------------------+------------------------------------------

Comment (by ioerror):

 On GNU/Linux - I'd like to suggest that we should plan to isolate from the
 nightmare that is XWindows as much as is possible. One way is to do
 something like this:

   {{{xpra start :1 --start-child=xeyes && xpra attach :1}}}

 This is easily accomplished by doing:

  {{{xpra start :1 --start-child=start-tor-messenger && xpra attach :1}}}

 I suspect the smart thing would be to patch {{{start-tor-messenger}}} to
 be xpra aware.

 I would suggest the following as a starting point for xpra as a basic
 XWindows condom:

  {{{xpra start :23 --start-child=./start-tor-messenger --exit-with-children --no-clipboard --no-pulseaudio --no-microphone --no-sharing --no-xsettings --no-notifications --opengl=no --no-mdns --no-cursors --no-bell && xpra attach :23 --no-clipboard --no-tray --title=@title@}}}

 I ran this on an x86_64 Debian system with xpra v0.14.10. Tor Messenger
 worked as expected but now it cannot be easily used to be an XWindows
 key/event logger. It is isolated even from the clipboard - which may be a
 bit too much.

 As a general reminder: we must *also* sandbox the application to prevent
 it from connecting to the default XServer - this needs to be done either
 in AppArmor or in another sandboxing framework.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10943#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
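To make the last point concrete, here is an added AppArmor profile fragment (not from the ticket, xpra or Tor Messenger) that confines the start-tor-messenger wrapper so it can reach only the xpra-served display and not the user's real X server; the profile path, the binary location and the display numbers (:0 real, :23 xpra) are assumptions.

```apparmor
# Added illustration, not part of the ticket. Profile path, binary location and
# the two display numbers (:0 = real X server, :23 = xpra's Xvfb) are assumed.
#include <tunables/global>

/usr/local/bin/start-tor-messenger {
  #include <abstractions/base>

  # X clients try the abstract socket @/tmp/.X11-unix/X<n> first and fall back
  # to the filesystem socket of the same name, so both forms must be covered.

  # Refuse, and log, any attempt to reach the user's real display (:0).
  audit deny unix (connect) type=stream peer=(addr="@/tmp/.X11-unix/X0"),
  audit deny /tmp/.X11-unix/X0 rw,

  # Permit only the xpra-owned display (:23); anything unlisted is denied.
  unix (connect, receive, send) type=stream peer=(addr="@/tmp/.X11-unix/X23"),
  /tmp/.X11-unix/X23 rw,

  # The wrapper itself; file and network rules for the Tor Messenger binary
  # and its data directories must be added here for the application to work.
  /usr/local/bin/start-tor-messenger r,
}
```

Load it with `apparmor_parser -r` on the profile file; a blocked connection to :0 shows up in the kernel log as an `apparmor="DENIED"` entry naming the X0 socket, which is the signal to watch for when verifying the isolation.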