Opened 5 years ago

Closed 5 years ago

#14976 closed enhancement (duplicate)

Make use of SOCKSSocket in Linux+Mac TBBs

Reported by: mikeperry Owned by: tbb-team
Priority: High Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords:
Cc: ioerror Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

#12585 just landed in Tor 0.2.6.3. It creates a UNIX filesystem socket that can be used instead of a TCP SOCKS port. This will allow us to disable all networking in the Tor Browser Firefox process, which would be a huge hardening improvement.

We can add support one of two ways: an LD_PRELOAD approach that tries to replace all TCP socket activity with SOCKSSocket calls, or with a direct implementation in Firefox's SOCKS layer.

I think I prefer the direct implementation in Firefox, because it will also let our sandboxing help test for proxy leaks in the Firefox code which may affect other platforms that don't support SOCKSSocket (like Windows), or systems that don't have a sandbox. The LD_PRELOAD approach won't do this for us.
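What a client speaking SOCKS5 over a UNIX filesystem socket looks like, as an added example that is not part of the ticket and is not Tor Browser or Firefox code. The socket path and the stand-in proxy in `demo()` are constructed for illustration; a real setup would point at the socket Tor creates.

```python
import os, socket, struct, tempfile, threading

def recv_exact(sock, n):  # read exactly n bytes or fail
    buf = sock.recv(n, socket.MSG_WAITALL)
    if len(buf) != n:
        raise ConnectionError("peer closed during SOCKS handshake")
    return buf

def socks5_connect_request(host, port):
    """CONNECT with ATYP=0x03 (domain name): the proxy resolves the name, not the client."""
    name = host.encode("idna")
    if not 0 < len(name) < 256:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def open_via_unix_socks(sock_path, host, port):
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)  # no AF_INET socket is ever created
    try:
        s.connect(sock_path)
        s.sendall(b"\x05\x01\x00")                 # version 5, one method: no auth
        if recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept the no-auth method")
        s.sendall(socks5_connect_request(host, port))
        ver, rep, _rsv, atyp = recv_exact(s, 4)
        if ver != 5 or rep != 0:
            raise ConnectionError(f"SOCKS5 CONNECT failed, REP={rep}")
        alen = recv_exact(s, 1)[0] if atyp == 3 else {1: 4, 4: 16}[atyp]
        recv_exact(s, alen + 2)                    # discard BND.ADDR and BND.PORT
        return s
    except Exception:
        s.close()
        raise

def demo():  # constructed stand-in proxy on a temp socket; returns the request it saw
    path = os.path.join(tempfile.mkdtemp(), "socks")  # hypothetical socket path
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path); srv.listen(1)
    seen = {}
    def stub():
        conn, _ = srv.accept()
        with conn:
            recv_exact(conn, 3); conn.sendall(b"\x05\x00")
            head = recv_exact(conn, 5)             # VER CMD RSV ATYP LEN
            rest = recv_exact(conn, head[4] + 2)
            seen.update(atyp=head[3], host=rest[:-2].decode(), port=struct.unpack(">H", rest[-2:])[0])
            conn.sendall(b"\x05\x00\x00\x01" + bytes(6))
    t = threading.Thread(target=stub); t.start()
    open_via_unix_socks(path, "example.com", 443).close()
    t.join(); srv.close()
    return seen
```

Because the client only ever opens an `AF_UNIX` socket and sends the hostname unresolved, a sandbox that denies all network socket creation would leave this path working while any code that bypasses the proxy fails.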

Change History (1)

comment:1 Changed 5 years ago by mikeperry

Keywords: tbb-security tbb-4.5-alpha removed
Resolution: duplicate
Status: new → closed

Woops, this is a dup of #14270.
