[tor-bugs] #23002 [Applications/Tor Browser Sandbox]: Determine if Tor browser bundle sandbox has been compromised
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Jul 22 22:00:45 UTC 2017
#23002: Determine if Tor browser bundle sandbox has been compromised
----------------------------------------------+----------------------------
Reporter: Dbryrtfbcbhgf | Owner: yawning
Type: enhancement | Status: closed
Priority: Medium | Milestone: Tor:
| 0.3.2.x-final
Component: Applications/Tor Browser Sandbox | Version:
Severity: Normal | Resolution: wontfix
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------------+----------------------------
Changes (by yawning):
* status: new => closed
* resolution: => wontfix
Comment:
This is pointless because all of the firefox components that would be
protected are exposed within the container as read-only files.
The only time that anything in a container has write access to it's own
components is when applying updates, which is done in a different
container with no network access. At this time, malicious MAR files with
valid signatures are entirely beyond the threat model (Though see #22946).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23002#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list