[tor-bugs] #23002 [Applications/Tor Browser Sandbox]: Determine if Tor browser bundle sandbox has been compromised
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jul 22 20:51:22 UTC 2017
#23002: Determine if Tor browser bundle sandbox has been compromised
-------------------------------------------------+-------------------------
Reporter: Dbryrtfbcbhgf | Owner: yawning
Type: enhancement | Status: new
Priority: Medium | Milestone: Tor:
Component: Applications/Tor Browser | 0.3.2.x-final
Sandbox | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
-------------------------------------------------+-------------------------
Every time tor browser bundle sandbox launcher opens Tor browser bundle,
it should take a Sha2 hash of Firefox ESR and other internal files and
compere it to a predetermined hash, taken during the initial launch to
tell whether it's been compromise, the hash should be saved somewhere
where a compromise Firefox cannot edit it. If the hash does not match the
initial hash then it should give a warning to users that it needs to
delete tor browser bundle and re-download/reinstall tor browser bundle.
The hash should only be taken of Firefox ESR and other components that the
user would not be able to change under normal operations.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23002>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list