[tor-dev] More tor browser sandboxing fun.

Yawning Angel yawning at schwanenlied.me
Wed Sep 21 09:33:31 UTC 2016


Hi,

Note:

 * Don't use this unless you are capable of debugging it.
 * Don't use this if you need strong security (though the author
   believes it is an improvement over unsandboxed Tor Browser, and the
   previous sandboxing attempts).
 * Don't re-package it, it's not ready for that.

In addition to stewing in my infinite self-loathing, I made a serious
attempt at sandboxing Tor Browser again.  It works, is kind of neat,
and isn't totally horrible, so I'm showing what's available.

Where: https://git.schwanenlied.me/yawning/sandboxed-tor-browser

This builds a lightweight launcher process that will:

 * Handle installing/updating Tor Browser, while being rather paranoid
   about having a good trust root (hard copies of PGP keys, the update
   service's cert chain, and the MAR signing key are included and
   enforced).

 * Run the updater in a sandboxed environment without network access.

 * Run Tor Browser in a sandboxed environment with the Tor SocksPort
   being the only way to get beyond the host.

There's a bunch of caveats, and some functionality that's intentionally
broken, and certain annoyances that require a Tor Browser patch or two
to fix, but it appears to work fairly well.

The README.md file has more detailed documentation on how it works, the
sandbox environment, and the various caveats.

-- 
Yawning Angel