[tor-dev] Release: sandboxed-tor-browser 0.0.2
yawning at schwanenlied.me
Sat Dec 10 20:52:47 UTC 2016
I tagged sandboxed-tor-browser 0.0.2 (0.0.1 is also tagged, but it has
a few issues), so this is the obligatory release announcement.
Official binaries should be available sometime next week, so I strongly
suggest that people wait till then, unless they feel confident in
installing the build time dependencies, and building the binary.
This is the non-developer alpha version of the sandboxing approach
A lot has changed since then, the primary changes are numerous
improvements to the sandbox, the addition of graphical UI, and the
removal of the "you need a tor daemon as a system service" requirement.
It is still very much an alpha (up from a proof of concept tech demo),
so there will be rough edges and bugs, some potentially major.
* A Gtk+3 based UI for downloading/installing/updating Tor Browser,
configuring tor, and launching the sandboxed browser. Think
`tor-browser-launcher`, that happens to run Tor Browser in a bunch
* Linux seccomp-bpf + namespace based containers for Tor Browser, that
attempts to prevent/mitigate exploits and reduce the amount of
personally identifiable information to a minimum, centered around
bubblewrap (runtime dependency).
Known system incompatibilities:
* 64 bit kernel, 32 bit userland is not supported.
* X32 (x86_64 with 32 bit pointers) is not supported. If you have to
ask what this is, and how it's different from normal 32 bit x86, you
don't have it.
* Systems that do not store the dynamic linker/loader cache in
`/etc/ld.so.cache` in glibc 2.2 format are not supported.
* Ubuntu does not have a sufficiently recent bubblewrap package
available for any current release, up to and including `yakkety`
(16.10). The package that is available in `universe` SHOULD NOT be
installed, and WILL NOT work.
* On systems where gstreamer libraries are pulled in as part of the
base firefox runtime dependencies, the libraries can find their way
into the sandbox without the need for explicit user intervention, if
"Extra Audio/Video Codecs" is enabled in the sandbox configuration.
As far as I am aware, and on the systems I have tested, none of the
modern distributions have system libraries built this way. If the
sandbox manages to launch Tor Browser with the option disabled, you
are not affected by this.
The exact functionality, usage, and caveats are documented at:
The code is at:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the tor-dev