[tor-talk] TBB, iptables, and seperation of concerns

Andrew Lewman andrew at torproject.org
Mon Dec 12 17:59:00 UTC 2011


On Mon, 12 Dec 2011 01:00:37 -0500
"Chris" <tmail299 at errtech.com> wrote:
> 1. It isn't in a repository. For security reasons this should be
> changed.

What security reasons? pgp verification of all TBB releases is
available. See
https://www.torproject.org/docs/verifying-signatures.html.en

> 2. It merges polipo/Tor together with everything else when Tor should
> be run as a separate user with an unrestricted Internet connection
> while the user should run Firefox (with appropriate settings) under a
> restricted user account with no direct Internet.

Polipo hasn't been shipped for a while. You're talking about sandboxing
TBB for more safety. We agree and have a loose plan to implement such a
sandbox in Windows, OS X, and linux. Please help us.

Currently a volunteer is working on OS X because that's what they know
the best,
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle/OSX/Security

-- 
Andrew
pgp 0x74ED336B


More information about the tor-talk mailing list