[tor-bugs] #22000 [Applications/Tor Browser]: update OSX browser sandbox profile for e10s

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jun 21 14:03:07 UTC 2018 

#22000: update OSX browser sandbox profile for e10s
-------------------------------------------------+-------------------------
 Reporter:  brade                                |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  ff52-esr, tbb-security, tbb-         |  Actual Points:
  sandboxing, tbb-e10s, TorBrowserTeam201707     |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
                                                 |  Sponsor4
-------------------------------------------------+-------------------------

Comment (by tom):

 Replying to [comment:7 mcs]:
 > Kathy and I were hoping to come up with a quick fix for this ticket, but
 it turns out that nesting of sandbox configs is not supported on OSX. That
 means that we either need to disable Mozilla's content process sandbox or
 we need to disable our sandbox. Since it seems like there may be a way in
 our sandbox profile to say "allow exec of this specific executable and
 start it without a sandbox" and since (hopefully) Mozilla enables their
 sandbox as early as possible, the second approach is probably the one to
 use. In other words, our tb.sb profile would apply to the chrome process
 and Mozilla's built in content process sandbox rules would apply to the
 content/tab process. But we should look and see what we are giving up if
 we do that, e.g., what does Mozilla allow that we don't want to allow?

 We had discussed this at the All Hands last week; and if there is a
 sandbox applied to the parent process, we cannot apply the content process
 sandbox policy.

 It's worth double checking just to be certain (especially on the
 latest/preview OSX); but I believe this is the case.

 We could try reporting this up to Apple and maybe they'll improve the
 implementation though.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22000#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list