[tor-dev] Release: sandboxed-tor-browser 0.0.2

Yawning Angel yawning at schwanenlied.me
Sat Dec 10 20:52:47 UTC 2016


I tagged sandboxed-tor-browser 0.0.2 (0.0.1 is also tagged, but it has
a few issues), so this is the obligatory release announcement.

Official binaries should be available sometime next week, so I strongly
suggest that people wait till then, unless they feel confident in
installing the build time dependencies, and building the binary.

This is the non-developer alpha version of the sandboxing approach
outlined in:


A lot has changed since then, the primary changes are numerous
improvements to the sandbox, the addition of graphical UI, and the
removal of the "you need a tor daemon as a system service" requirement.

It is still very much an alpha (up from a proof of concept tech demo),
so there will be rough edges and bugs, some potentially major.


 * A Gtk+3 based UI for downloading/installing/updating Tor Browser,
   configuring tor, and launching the sandboxed browser.  Think
   `tor-browser-launcher`, that happens to run Tor Browser in a bunch
   of containers.

 * Linux seccomp-bpf + namespace based containers for Tor Browser, that
   attempts to prevent/mitigate exploits and reduce the amount of
   personally identifiable information to a minimum, centered around
   bubblewrap (runtime dependency).

Known system incompatibilities:

 * 64 bit kernel, 32 bit userland is not supported.

 * X32 (x86_64 with 32 bit pointers) is not supported.  If you have to
   ask what this is, and how it's different from normal 32 bit x86, you
   don't have it.

 * Systems that do not store the dynamic linker/loader cache in
   `/etc/ld.so.cache` in glibc 2.2 format are not supported.

 * Ubuntu does not have a sufficiently recent bubblewrap package
   available for any current release, up to and including `yakkety`
   (16.10).  The package that is available in `universe` SHOULD NOT be
   installed, and WILL NOT work.

 * On systems where gstreamer libraries are pulled in as part of the
   base firefox runtime dependencies, the libraries can find their way
   into the sandbox without the need for explicit user intervention, if
   "Extra Audio/Video Codecs" is enabled in the sandbox configuration.

   As far as I am aware, and on the systems I have tested, none of the
   modern distributions have system libraries built this way.  If the
   sandbox manages to launch Tor Browser with the option disabled, you
   are not affected by this.

The exact functionality, usage, and caveats are documented at:

The code is at:


Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20161210/63c15d5c/attachment.sig>

More information about the tor-dev mailing list