[tor-dev] More tor browser sandboxing fun.
grarpamp at gmail.com
Wed Sep 21 17:57:32 UTC 2016
On Wed, Sep 21, 2016 at 5:33 AM, Yawning Angel <yawning at schwanenlied.me> wrote:
> Where: https://git.schwanenlied.me/yawning/sandboxed-tor-browser
> X11 is a huge mess of utter fail. Since the sandboxed processes get direct access to the host X server, this is an exploitation vector.
Is anyone actually actively throwing the full audit gamut
at X11 these days, or is it still just one giant pile of 30 year
legacy waiting to explode?
> Really, just fuck off and leave me alone.
Oh no, the concept of one toplevel sig over a pile of embedded
sigs and infrastructure underneath, is useful. Kindof like
how signing a monotone or git repository is useful... a single
and simply checkable root from which all crap piles floweth.
More information about the tor-dev