[tor-talk] TBB, iptables, and seperation of concerns

Fabio Pietrosanti (naif) lists at infosecurity.ch
Mon Dec 12 08:01:12 UTC 2011

On 12/12/11 7:00 AM, Chris wrote:
> I have a few problems with the TBB.
> 1. It isn't in a repository. For security reasons this should be changed.
> 2. It merges polipo/Tor together with everything else when Tor should be
> run as a separate user with an unrestricted Internet connection while the
> user should run Firefox (with appropriate settings) under a restricted
> user account with no direct Internet.

IMHO the "Starter" of the TBB should be much more intelligent by providing:

a) decompression of TBB
b) splash logo with progress-bar
c) app-level jailing of various application

For point "c" i mean providing a sort of "app-armor" or "*osx" sandbox
system but at application level with library preloading, directly
managing the security profile from the starter.

That way it could be much portable the "application security" of the system.


More information about the tor-talk mailing list