Change History (7)

comment:1 Changed 2 years ago by sysrqb

(For reference, #20121 was the Tor Browser ticket)

comment:2 Changed 2 years ago by rl1987

We should do some design work to decide how this should be implemented and how we want TBB et al. to interact with sandboxed tor(1).

The contents of the sandbox profile will largely depend on the configuration in torrc - we allow and deny file/network/OS operations based on configuration. Changing the configuration would require changing the sandbox profile.

We could implement a command line argument that generates an SBPL file from the tor configuration without actually starting tor, e.g.:

tor --generate-sbpl

Then the user (or would launch tor (with same config) through sandbox-exec(1):

sandbox-exec -f tor

There's libseccomp-based Linux sandboxing code in the tor codebase already. Ideally we would want the macOS code to be consistent with the existing stuff in sandbox.c and perhaps reuse some of the logic.

Note that the sandbox_init() C function is deprecated in modern macOS. So we probably shouldn't write code that sandboxes tor from inside the process. Furthermore, Apple does seem to want 3rd party developers to use SBPL. Instead, they want everyone to use Xcode to configure what a program is and isn't allowed to do (not sure if we want to go that way - I would prefer the above approach).

Also sandbox-exec(1) is deprecated in macOS as of 10.13.5. So I'm not really convinced this would be a good investment for little-t-tor, as the underlying APIs are not exactly public and might disappear in the next few years. We probably do not want to add Xcode as a dependency to our macOS builds.

Last edited 2 years ago by rl1987
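
The config-to-profile idea from comment:2, as an added sketch that is not part of the ticket or of tor's code: a generator that reads torrc text and emits a deny-by-default SBPL profile. The option-to-rule mapping, the function names and the sample torrc are assumptions; it models only DataDirectory, Log ... file, and numeric SocksPort/ControlPort values, and rejects anything else.

```python
# Added sketch: map a few torrc options to SBPL rules (not tor's own code).
# Constructed sample torrc; paths and ports are illustrative.
SAMPLE_TORRC = """\
DataDirectory /Users/alice/Library/Tor/data
SocksPort 9150   # local SOCKS listener
ControlPort 9151
Log notice file /Users/alice/Library/Tor/notice.log
"""

def parse_torrc(text):
    """Return {lowercased option: [values]}; torrc option names are case-insensitive."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            opts.setdefault(parts[0].lower(), []).append(value)
    return opts

def sbpl_string(value):
    """Quote a value as an SBPL string so a path cannot inject extra rules."""
    if any(ord(c) < 0x20 for c in value):
        raise ValueError("control character in path: %r" % value)
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def generate_sbpl(opts):
    """Build a deny-by-default profile from parsed options (hypothetical mapping)."""
    rules = ["(version 1)", "(deny default)"]
    for path in opts.get("datadirectory", []):
        rules.append("(allow file-read* file-write* (subpath %s))" % sbpl_string(path))
    for value in opts.get("log", []):
        parts = value.split(None, 2)          # e.g. "notice file /path/to/log"
        if len(parts) == 3 and parts[1] == "file":
            rules.append("(allow file-write* (literal %s))" % sbpl_string(parts[2]))
    for name in ("socksport", "controlport"):
        for value in opts.get(name, []):
            port = (value.split() or [""])[0]
            if port == "0":                   # listener disabled: no rule needed
                continue
            if not (port.isascii() and port.isdigit() and 0 < int(port) < 65536):
                # Fail closed on forms this sketch does not model (auto, addr:port, unix:).
                raise ValueError("unsupported %s value: %r" % (name, value))
            rules.append('(allow network-bind network-inbound '
                         '(local tcp "localhost:%d"))' % int(port))
    rules.append('(allow network-outbound (remote tcp "*:*"))')  # relays on any port
    return "\n".join(rules) + "\n"

if __name__ == "__main__":
    print(generate_sbpl(parse_torrc(SAMPLE_TORRC)), end="")
```

Because the profile is derived from torrc, any configuration change means regenerating it before the next launch, which is the coupling the comment points out.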

comment:3 Changed 2 years ago by ahf

Owner: set to ahf
Status: new → assigned

Assigning this to myself. Have some promising experimental code.

comment:4 Changed 2 years ago by ahf

Started some early refactoring work for this to be possible in

comment:5 Changed 2 years ago by asn

Keywords: macos sandbox added

comment:6 Changed 14 months ago by gaba

Cc: ahf added
Owner: ahf deleted

Liberating some of the tickets that ahf had.

comment:7 Changed 6 months ago by teor

Status: assigned → new

Change tickets that are assigned to nobody to "new".