[tor-bugs] #20773 [Applications/Tor Browser Sandbox]: Stop mounting `/proc` in the various containers once this is feasible.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Nov 26 00:05:53 UTC 2016
#20773: Stop mounting `/proc` in the various containers once this is feasible.
--------------------------------------------------+---------------------
Reporter: yawning                                 | Owner: yawning
Type: enhancement                                 | Status: new
Priority: Medium                                  | Milestone:
Component: Applications/Tor Browser Sandbox       | Version:
Severity: Normal                                  | Keywords:
Actual Points:                                    | Parent ID:
Points:                                           | Reviewer:
Sponsor:                                          |
--------------------------------------------------+---------------------

All three containers currently used by `sandboxed-tor-browser` (tor,
firefox, and the updater) currently mount `/proc`. Once it's been
verified that relevant versions of the software shipped do not require
such, this mount should be removed to reduce fingerprinting and to close
an attack vector.

In the meantime, stopgap solutions such as AppArmor could be investigated
as well, though that is not a good long-term solution as it is not
ubiquitous.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20773>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online