#23002 closed enhancement (wontfix)

Determine if Tor browser bundle sandbox has been compromised

Reported by: Dbryrtfbcbhgf Owned by: yawning
Priority: Medium Milestone: Tor: 0.3.2.x-final
Component: Archived/Tor Browser Sandbox Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Every time tor browser bundle sandbox launcher opens Tor browser bundle, it should take a Sha2 hash of Firefox ESR and other internal files and compere it to a predetermined hash, taken during the initial launch to tell whether it's been compromise, the hash should be saved somewhere where a compromise Firefox cannot edit it. If the hash does not match the initial hash then it should give a warning to users that it needs to delete tor browser bundle and re-download/reinstall tor browser bundle. The hash should only be taken of Firefox ESR and other components that the user would not be able to change under normal operations.

Child Tickets

Change History (1)

comment:1 Changed 17 months ago by yawning

Resolution: wontfix
Status: newclosed

This is pointless because all of the firefox components that would be protected are exposed within the container as read-only files.

The only time that anything in a container has write access to it's own components is when applying updates, which is done in a different container with no network access. At this time, malicious MAR files with valid signatures are entirely beyond the threat model (Though see #22946).

Note: See TracTickets for help on using tickets.