[tor-dev] More tor browser sandboxing fun.

Yawning Angel yawning at schwanenlied.me
Thu Sep 22 06:17:08 UTC 2016

On Wed, 21 Sep 2016 21:51:10 +0000
Yawning Angel <yawning at schwanenlied.me> wrote:
> There shouldn't be anything stopping people from using a nested X
> solution with sandboxed-tor-browser, since it honors DISPLAY and
> writes out a new ~/.Xauthority in the sandbox tmpfs, as long as the
> secondary X server puts the AF_LOCAL socket in the traditional
> location under /tmp.

Yep, Xephyr "just works", assuming you make sure to add a
`MIT-MAGIC-COOKIE-1` credential for it to the Xauthority file.  For
convenience I added an option to the config file to override the
DISPLAY env var that sandboxed processes see.

It works ok, but isn't for me, because copy and paste between the
parent and nested X session is a huge pain.

I briefly considered adding an option to auto-start the nested X
server, but certain aspects of the Firefox UI break without an window


Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160922/0202d34d/attachment.sig>

More information about the tor-dev mailing list