[tor-bugs] #20121 [Applications/Tor bundles/installation]: Create Seatbealt profile(s) for Tor Browser

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Oct 28 20:08:23 UTC 2016 

#20121: Create Seatbealt profile(s) for Tor Browser
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Very High                            |      Milestone:
Component:  Applications/Tor                     |        Version:
  bundles/installation                           |
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, TorBrowserTeam201610   |  Actual Points:
Parent ID:  #19750                               |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  SponsorU
-------------------------------------------------+-------------------------

Comment (by mcs):

 There is more work to do, but I attached a "work in progress" zip snapshot
 that contains Seatbelt profiles for Tor Browser (tb.sb) and tor (tor.sb).
 The zip file also contains bash scripts for starting tor and firefox, as
 well as a skeleton TorBrowser-Data directory (required if starting from
 scratch). In theory, if a TorBrowser.app is added that contains recent
 builds of Torbutton and Tor-Launcher, the scripts can be used to start a
 sandboxed browser that uses a sandboxed tor.

 Ignoring packaging concerns, there are many limitations, e.g.,
 * This probably requires OSX 10.9 or later (this might be OK). We tested
 on 10.11.6 and 10.12.1. It definitely will not work on 10.6 due to changes
 in the sandbox profile file format (we could create separate profiles for
 10.6 if necessary).
 * It assumes the browser app bundle will be named TorBrowser.app.
 * It assumes a portable model (i.e.g, TorBrowser.app is not in
 /Applications).
 * It assumes that /tmp/Tor exists with mode 0700 or similar (the SOCKS and
 control port Unix domain sockets are placed there).
 * The firefox process has full control port access, which is probably not
 desirable.
 * The browser updater will not work due to the sandbox restrictions.

 In the long run, we probably need something similar to what Yawning is
 working on for Linux (a separate process to start tor, check for updates,
 start firefox; a control port filter; other things).

--
Ticket URL: <https://troodi.torproject.org/projects/tor/ticket/20121#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list