Opened 3 years ago

Last modified 3 years ago

#19750 new defect

Sandboxing in Tor Browser

Reported by: arthuredelstein
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-sandboxing, TorBrowserTeam201701
Cc: brade, mcs, yawning, gk
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor: SponsorU

Description (last modified by arthuredelstein)

Here's a parent ticket to track efforts to sandbox Tor Browser. Please use this ticket to discuss various approaches and link to email discussions where available.

Child Tickets

Ticket | Status | Owner | Summary | Component
#4522 | assigned | tbb-team | Add privilege separation for bundled browser | Applications/Tor Browser
#8282 | closed | tbb-team | integrate tbb firefox osx sandbox in build | Applications/Tor Browser
#14270 | closed | tbb-team | Make Tor Browser work with Unix Domain Socket option | Applications/Tor Browser
#19055 | closed | tbb-team | TBB Upstreaming of Yawning's Firejail Script | Applications/Tor Browser
#20121 | closed | tbb-team | Create Seatbelt profile(s) for Tor Browser | Applications/Tor bundles/installation
#20352 | closed | tbb-team | Integrate sandboxed Tor Browser into our gitian build system | Applications/Tor Browser
#20758 | closed | tbb-team | Make Linux sandbox build deterministic | Applications/Tor Browser
#31694 | closed | tbb-team | Windows Sandboxie for Tor Browser is going open source \o/ | Applications/Tor Browser

Change History (15)

comment:1 Changed 3 years ago by mcs

Cc: brade mcs added

comment:2 Changed 3 years ago by yawning

Cc: yawning added

comment:3 Changed 3 years ago by yawning

FWIW, I'm vaguely against using my modified start-tor-browser script (#19055) for the official Tor Browser sandboxing efforts, since there's a bunch of pitfalls to the approach I took. This doesn't mean that firejail is unsuitable (it's probably still the most expedient approach for Linux), just the way I integrated it when I first started looking at sandboxing stuff is suboptimal.

I have ideas on "how to do it better", just wanted to comment that my views on certain things have shifted a bit.

comment:4 Changed 3 years ago by arthuredelstein

Description: modified (diff)

comment:5 Changed 3 years ago by gk

Cc: gk added

comment:6 Changed 3 years ago by cypherpunks

How about messing with SELinux contexts?

comment:7 Changed 3 years ago by bugzilla

In or Of TBB? (Content or App?)
https://wiki.mozilla.org/Security/Sandbox

comment:8 Changed 3 years ago by yawning

As I just posted to tor-dev@: https://git.schwanenlied.me/yawning/sandboxed-tor-browser

Linux only.

This is substantially less bad than my prior attempts with firejail, and it even includes a launcher process that handles keeping the browser installed and up to date. It's probably not ready for production use.

comment:9 Changed 3 years ago by mcs

Sponsor: SponsorU

comment:10 Changed 3 years ago by gk

Keywords: TorBrowserTeam201610 added

comment:11 in reply to: 7; Changed 3 years ago by bugzilla

Replying to bugzilla:

In or Of TBB? (Content or App?)

For "Of" effort on Windows: CIS (Comodo Internet Security suite) sandbox could be recommended (free).
https://help.comodo.com/topic-72-1-623-7754-The-Sandbox---An-Overview.html

(@mcs/brade: the main ticket uses tbb-sandboxing, so tbb-sandbox looks confusing.)

comment:12 in reply to: 11; Changed 3 years ago by mcs

Replying to bugzilla:

(@mcs/brade: the main ticket uses tbb-sandboxing, so tbb-sandbox looks confusing.)

Thanks. Fixed in #20304.

comment:13 Changed 3 years ago by gk

Keywords: TorBrowserTeam201611 added; TorBrowserTeam201610 removed

Moving tickets over to November.

comment:14 Changed 3 years ago by gk

Keywords: TorBrowserTeam201612 added; TorBrowserTeam201611 removed

Moving tickets to December.

comment:15 Changed 3 years ago by gk

Keywords: TorBrowserTeam201701 added; TorBrowserTeam201612 removed

Moving our tickets to January 2017.
