[tor-bugs] #22648 [Applications/Tor Browser Sandbox]: Do something about the X11 situation.

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jun 19 10:37:48 UTC 2017


#22648: Do something about the X11 situation.
--------------------------------------------------+---------------------
     Reporter:  yawning                           |      Owner:  yawning
         Type:  enhancement                       |     Status:  new
     Priority:  Medium                            |  Milestone:
    Component:  Applications/Tor Browser Sandbox  |    Version:
     Severity:  Normal                            |   Keywords:
Actual Points:                                    |  Parent ID:
       Points:                                    |   Reviewer:
      Sponsor:                                    |
--------------------------------------------------+---------------------
 Per "Jann Horn of Google Project Zero", X11 provides a few vectors for
 sandbox escape.  While this is not part of the threat model in current
 releases, the trivial cases should be fixed.

 In the mean time, the documentation has been updated to note that this
 isn't covered:
 https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Sandbox/Linux?action=diff&version=22

 nb: Even if the trivial cases are fixed, this still won't prevent an
 adversary from doing evil to or via X11.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22648>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list