[tor-dev] More tor browser sandboxing fun.
yawning at schwanenlied.me
Wed Sep 21 09:33:31 UTC 2016
* Don't use this unless you are capable of debugging it.
* Don't use this if you need strong security (though the author
believes it is an improvement over unsandboxed Tor Browser, and the
previous sandboxing attempts).
* Don't re-package it, it's not ready for that.
In addition to stewing in my infinite self-loathing, I made a serious
attempt at sandboxing Tor Browser again. It works, is kind of neat,
and isn't totally horrible, so I'm showing what's available.
This builds a lightweight launcher process that will:
* Handle installing/updating Tor Browser, while being rather paranoid
about having a good trust root (hard copies of PGP keys, the update
service's cert chain, and the MAR signing key are included and
* Run the updater in a sandboxed environment without network access.
* Run Tor Browser in a sandboxed enviornment with the Tor SocksPort
being the only way to get beyond the host.
There's a bunch of caveats, and some functionality that's intentionally
broken, and certain annoyances that require a Tor Browser patch or two
to fix, but it appears to work fairly well.
The README.md file has more detailed documentation on how it works, the
sandbox environment, and the various caveats.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the tor-dev