[tor-bugs] #22648 [Applications/Tor Browser Sandbox]: Do something about the X11 situation.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Jun 19 10:37:48 UTC 2017
#22648: Do something about the X11 situation.
--------------------------------------------------+---------------------
Reporter: yawning | Owner: yawning
Type: enhancement | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser Sandbox | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------------------+---------------------
Per "Jann Horn of Google Project Zero", X11 provides a few vectors for
sandbox escape. While this is not part of the threat model in current
releases, the trivial cases should be fixed.
In the mean time, the documentation has been updated to note that this
isn't covered:
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux?action=diff&version=22
nb: Even if the trivial cases are fixed, this still won't prevent an
adversary from doing evil to or via X11.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22648>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list