Opened 4 years ago

Last modified 3 weeks ago

#15687 new defect

Make Tor Browser work with AppLocker

Reported by: gk Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-security, tbb-usability-stoppoint-app
Cc: starlight, mikeperry, tom, mcs Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by gk)

There is a Windows mechanism to lock down access to applications, called AppLocker, and Tor Browser is not compatible with some ways of managing access. We need to think about what kind of rule compatibility we want to support:

There are

publisher based rules
path based rules
filehash based rules

and

default rules one can choose

(https://technet.microsoft.com/en-us/library/dd759068.aspx)

Child Tickets

Change History (8)

comment:1 Changed 4 years ago by gk

Description: modified (diff)

comment:2 Changed 4 years ago by gk

Cc: starlight mikeperry added

We probably have a hard time making Tor Browser compatible with the default rules, see: https://bugzilla.mozilla.org/show_bug.cgi?id=902771 while file hash based rules should work already and are the most recommended ones. The question then probably remains: should we support publisher rules and sign all the windows files (that is at least .exe, .dll)? I think so, at least in the long run.

comment:3 Changed 4 years ago by tom

Cc: tom added

comment:4 Changed 4 years ago by starlight

I agree that signing all the binaries and DLLs would be ideal.

Here I've avoided the default rules and require all
binaries be signed by an approved publisher
or have a hash entry--i.e. strict whitelisting.
Allowing anything in system directories to run
is less about security and more about controlling
what applications users' can run in a managed
environment.

With signed binaries, just one EXE and one DLL
rule are required. Presently have to create two
hash rules for each TBB release, adding files from
several subdirectories. Is a fair amount of
work. Temporary installer DLLs require a rule
as well.

While whitelisting is not, as many point out,
a silver bullet against intrusion, it raises
the bar for attackers tremendously. Makes
obtaining persistence much more difficult.

Perhaps Linux signed binaries should be
supported eventually as well. Don't know
enough about it yet myself to have
an opinion.

comment:5 Changed 4 years ago by mcs

Cc: mcs added

comment:6 Changed 12 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:7 Changed 3 months ago by traumschule

Cc: traumschuleriebau@… added

comment:8 Changed 3 weeks ago by traumschule

Cc: traumschuleriebau@… removed
Note: See TracTickets for help on using tickets.