Opened 3 years ago

Closed 3 years ago

#19055 closed enhancement (wontfix)

TBB Upstreaming of Yawning's Firejail Script

Reported by: cypherpunks
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: TorBrowserTeam201607R
Cc: tbb-team, adrelanos, yawning
Actual Points:
Parent ID: #19750
Points:
Reviewer:
Sponsor:

Description

This ticket is to track the eventual inclusion of a Firejail-aware start-tor-browser script in TBB releases - it attempts to run TBB in Firejail if detected on the system. Firejail is a popular and well-maintained software containment system available in Debian.

(Yawning is very busy these days and won't be able to work on it. Thanks Yawning for writing it in the first place!)

Since one of Tor Browser's planned changes is to release versions that can take advantage of system containment features, this work complements it IMHO.

https://git.schwanenlied.me/yawning/tor-firejail

https://lists.torproject.org/pipermail/tor-dev/2016-May/010948.html

Change History (11)

comment:1 Changed 3 years ago by adrelanos

Cc: adrelanos added

comment:2 Changed 3 years ago by adrelanos

Component: - Select a component → Applications/Tor Browser
Owner: set to tbb-team

comment:3 Changed 3 years ago by adrelanos

Current:
https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/RelativeLink/start-tor-browser

Proposed:
https://git.schwanenlied.me/yawning/tor-firejail/src/master/start-tor-browser

The diff looks reasonable. Should be safe for non-firejail users.

> #
> # Automagic sandboxing based on firejail if it's available.
> #
> BROWSER_CMD=./firefox
> if [ -x /usr/bin/firejail ]; then
>   BROWSER_CMD="/usr/bin/firejail --profile=${HOME}/tor-browser.profile \
>     --env=LD_LIBRARY_PATH=${LD_LIBRARY_PATH} \
>     --env=FONTCONFIG_PATH=${FONTCONFIG_PATH} \
>     --env=FONTCONFIG_FILE=${FONTCONFIG_FILE} \
>     --env=ASAN_OPTIONS=${ASAN_OPTIONS} \
>     --whitelist=${HOME} \
>     ./firefox"
> fi
> 
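Review bot: the `if [ -x /usr/bin/firejail ]` test only checks that the firejail binary exists, so every user with firejail installed is switched to the sandboxed launch even when `${HOME}/tor-browser.profile` is absent. Suggest also requiring `[ -r "${HOME}/tor-browser.profile" ]` (or a profile path inside the bundle) before setting BROWSER_CMD. The `--env=NAME=${NAME}` lines also pass empty values for variables that are unset in the caller, and `--whitelist=${HOME}` deserves a comment explaining why the whole home directory is whitelisted.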
359c373
<     TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
---
>     TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${BROWSER_CMD} --class "Tor Browser" \
363c377
<     TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
---
>     TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${BROWSER_CMD} --class "Tor Browser" \
367c381
<     TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
---
>     TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${BROWSER_CMD} --class "Tor Browser" \
371c385
<     TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \
---
>     TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${BROWSER_CMD} --class "Tor Browser" \
374c388                                                                                                                                                                             
<     TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ./firefox --class "Tor Browser" \                                                                                                    
---                                                                                                                                                                                 
>     TOR_CONTROL_PASSWD=${TOR_CONTROL_PASSWD} ${BROWSER_CMD} --class "Tor Browser" \
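Review bot: `${BROWSER_CMD}` is expanded unquoted in all five launch lines, so the command depends on word splitting of a single string, and a `${HOME}` or `${LD_LIBRARY_PATH}` containing whitespace will be split into extra arguments. Building the arguments with `set --` (or an array, if the script is bash) and expanding `"$@"` avoids that.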

comment:4 Changed 3 years ago by adrelanos

Status: new → needs_review

If you do not mind, please copy https://git.schwanenlied.me/yawning/tor-firejail/src/master/start-tor-browser over https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/RelativeLink/start-tor-browser... [*] I think this patch is ready for review.


[*] I could also create a git branch.

comment:5 Changed 3 years ago by gk

Keywords: TorBrowserTeam201607R added

Creating a git branch would be neat, thanks. Keeping it on our radar, though.

comment:6 Changed 3 years ago by gk

Cc: yawning added

comment:7 Changed 3 years ago by yawning

A few things.

  • Just the script changes are insufficient and will probably misbehave if the firejail profile isn't in the bundle directory.
  • The way I set up the profile along with other things probably breaks things, for example, I was rather restrictive about which filesystem paths are allowed, which will at a minimum confuse users.

FOR MY USE CASES this works great, and I've been using it in various forms since I first bothered to set up the thing, but I didn't test anything, and I do not want to fix random things that break for other people, and will probably ignore most cries for help.

If those caveats are ok, then do what you want, I don't care.

comment:8 in reply to:  3 Changed 3 years ago by gk

Replying to adrelanos:

The diff looks reasonable. Should be safe for non-firejail users.

What about users that have firejail installed but only configured for a particular application which is not Tor Browser? Or maybe they just have firejail on their computer for some reason without doing any sandboxing at the moment at all.

And what would it buy our users just having the script differences merged without Tor Browser coming with a usable profile?
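
The preconditions raised in comments 7 and 8 (profile present in the bundle, firejail installed but not meant for Tor Browser), as an added shell example that is not part of the ticket or of tor-firejail. The `TBB_USE_FIREJAIL` opt-in variable, the `DRY_RUN` switch and the in-bundle profile location are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the ticket or from tor-firejail.
# Hypothetical: the TBB_USE_FIREJAIL opt-in variable and a profile shipped
# as tor-browser.profile inside the bundle directory.

# Print the decision and return 0 only if every precondition holds.
sandbox_decision() {
  firejail_bin=$1
  bundle_dir=$2
  if [ "${TBB_USE_FIREJAIL:-0}" != 1 ]; then
    echo "off: not requested"; return 1
  fi
  if [ ! -x "$firejail_bin" ]; then
    echo "off: firejail not executable"; return 1
  fi
  if [ ! -r "$bundle_dir/tor-browser.profile" ]; then
    echo "off: profile missing"; return 1
  fi
  echo "on"
}

# Build the command in the positional parameters, one argument per word,
# so paths with spaces survive. With DRY_RUN set, print it instead.
launch_browser() {
  firejail_bin=$1
  bundle_dir=$2
  shift 2
  set -- ./firefox "$@"
  if sandbox_decision "$firejail_bin" "$bundle_dir" >/dev/null; then
    # Forward only variables that are set; the names are fixed literals,
    # so the eval below never sees untrusted input.
    for var in ASAN_OPTIONS FONTCONFIG_FILE FONTCONFIG_PATH LD_LIBRARY_PATH; do
      eval "val=\${$var-}; isset=\${$var+y}"
      if [ -n "$isset" ]; then set -- "--env=$var=$val" "$@"; fi
    done
    set -- "$firejail_bin" "--profile=$bundle_dir/tor-browser.profile" "$@"
  fi
  if [ -n "${DRY_RUN-}" ]; then printf '%s\n' "$@"; else "$@"; fi
}
```

Running `DRY_RUN=1 TBB_USE_FIREJAIL=1 launch_browser /usr/bin/firejail "$PWD" --class "Tor Browser"` prints the argument vector one entry per line, which makes it easy to confirm nothing was split.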

comment:9 Changed 3 years ago by arthuredelstein

Parent ID: #19750

comment:10 Changed 3 years ago by gk

Status: needs_review → needs_information

comment:11 Changed 3 years ago by gk

Resolution: wontfix
Status: needs_information → closed

We don't pursue this road anymore. We look closer at yawning's third shot.
