[tor-talk] TBB, iptables, and separation of concerns

Chris tmail299 at errtech.com
Mon Dec 12 08:19:07 UTC 2011

> On 12/12/11 7:00 AM, Chris wrote:
>> I have a few problems with the TBB.
>> 1. It isn't in a repository. For security reasons this should be changed.
>> 2. It merges polipo/Tor together with everything else when Tor should be
>> run as a separate user with an unrestricted Internet connection while the
>> user should run Firefox (with appropriate settings) under a restricted
>> user account with no direct Internet.
> IMHO the "Starter" of the TBB should be much more intelligent by
> providing:
> a) decompression of TBB
> b) splash logo with progress-bar
> c) app-level jailing of various applications
> For point "c" I mean providing a sort of "app-armor" or "*osx" sandbox
> system but at application level with library preloading, directly
> managing the security profile from the starter.
> That way the "application security" of the system could be much more
> portable.
> -naif

I'd agree. I think it should be taken a step farther even and a
distribution should be produced around it. If you simply install TBB on a
PC you are going to be leaking activities to disk and potentially doing
other things as well. Accidents, for instance, such as: printing a web page
(possibly unknowingly, possibly to a network printer, possibly to a work
printer, possibly out of paper, you may not even realize it), or running
the wrong browser and not noticing.

If you are forced to boot off an external medium that is a secured
environment this is unlikely to occur.
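
The account separation proposed in the quoted point 2 above (Tor under its own account with unrestricted Internet, the browser under a restricted account with no direct Internet) can be expressed with the iptables owner match. This is an added example, not part of the original messages; the account names `debian-tor` and `browser` and port 9050 are assumptions, and the script only prints an `iptables-restore` ruleset rather than changing the live firewall.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that separates the Tor
# account from the browser account. Nothing is applied to the running system.

gen_rules() {
    tor_user=$1      # account the Tor daemon runs as (assumption)
    browser_user=$2  # restricted account that runs the browser (assumption)
    socks_port=$3    # local port Tor listens on (assumption; 9050 is Tor's default SocksPort)

    # Refuse to emit a ruleset with missing names or a non-numeric port:
    # a malformed rule would make iptables-restore reject the whole table.
    if [ -z "$tor_user" ] || [ -z "$browser_user" ]; then
        echo "gen_rules: both account names are required" >&2
        return 1
    fi
    case $socks_port in
        ''|*[!0-9]*) echo "gen_rules: port must be numeric" >&2; return 1 ;;
    esac

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# The Tor account keeps an unrestricted outbound connection.
-A OUTPUT -m owner --uid-owner $tor_user -j ACCEPT
# The browser account may reach only the local Tor SOCKS port.
-A OUTPUT -o lo -p tcp -d 127.0.0.1 --dport $socks_port -m owner --uid-owner $browser_user -j ACCEPT
# Anything else from the browser account (including DNS) is logged, then refused.
-A OUTPUT -m owner --uid-owner $browser_user -j LOG --log-prefix "browser-direct: "
-A OUTPUT -m owner --uid-owner $browser_user -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Example invocation with the assumed account names; pipe the output to
# "iptables-restore" as root to apply it.
gen_rules debian-tor browser 9050
```

The owner match applies only to locally generated packets in the OUTPUT chain, and these rules cover IPv4 only; the same restrictions are needed in `ip6tables`, otherwise the browser account can still connect directly over IPv6.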

