[tor-bugs] #10943 [Tor Messenger]: Sandboxing Instantbird

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 27 14:02:48 UTC 2015


#10943: Sandboxing Instantbird
-------------------------------+------------------------------------------
     Reporter:  sukhbir        |      Owner:  ioerror
         Type:  task           |     Status:  new
     Priority:  normal         |  Milestone:
    Component:  Tor Messenger  |    Version:
   Resolution:                 |   Keywords:  SponsorO, TorMessengerPublic
Actual Points:                 |  Parent ID:
       Points:                 |
-------------------------------+------------------------------------------

Comment (by ioerror):

 I've attached a seccomp policy to be used with minijail like so:
 {{{
 minijail0 -n -S tor-messenger-seccomp-amd64.policy.sorted ./start-tor-messenger
 }}}

 It would also be possible to simply detect the presence of minijail in the
 `start-tor-messenger` script and then exec `instantbird` with it as the
 caller. This would also allow us to make a tighter policy as the current
 policy includes all of the syscalls required to run the full shell script
 - which may or may not be what we want or need.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10943#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
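
An added sketch of the launcher-side detection suggested in the comment above (not part of the original ticket and not Tor Project code): the start script checks for `minijail0` and a readable policy, then execs `instantbird` directly under the jail so the policy no longer has to cover the shell script's own syscalls. The `./instantbird` path and the `REQUIRE_SANDBOX` and `LAUNCH` variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the Tor Messenger start script. Paths are assumptions.
# POLICY defaults to the file named in the ticket comment; a tighter,
# instantbird-only policy would be substituted here.
POLICY="${POLICY:-./tor-messenger-seccomp-amd64.policy.sorted}"
APP="${APP:-./instantbird}"    # assumed location of the binary

# True only when both the jail binary and a readable policy are present.
sandbox_available() {
    command -v minijail0 >/dev/null 2>&1 && [ -r "$POLICY" ]
}

# Replace the shell with the (ideally sandboxed) application.
# REQUIRE_SANDBOX=1 (hypothetical knob) fails closed instead of
# silently starting without the seccomp filter.
launch() {
    if sandbox_available; then
        # -n sets no_new_privs, -S loads the seccomp filter policy.
        # exec means the filter applies to the application only, not to
        # the rest of this script.
        exec minijail0 -n -S "$POLICY" "$APP" "$@"
    fi
    if [ "${REQUIRE_SANDBOX:-0}" = 1 ]; then
        echo "error: minijail0 or policy '$POLICY' unavailable" >&2
        return 2
    fi
    echo "warning: starting $APP without a seccomp sandbox" >&2
    exec "$APP" "$@"
}

# Only launch when asked, so the file can be sourced and inspected.
if [ "${LAUNCH:-0}" = 1 ]; then
    launch "$@"
fi
```

The fallback branch logs to stderr so that an unsandboxed start is visible; setting `REQUIRE_SANDBOX=1` turns that case into a hard failure.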

