wiki:doc/AppArmorForTBB

About

AppArmor Profile for TBB.

AppArmor is a Linux MAC. It is enabled by default in Ubuntu.

Discussion

The primary goal of confining TBB is to prevent an exploit in Firefox to leak the IP address. Is this even possible?

Do we need something like http://rudy.mif.pg.gda.pl/~bogdro/soft/#lhip ?

Even without that, AppArmor still is useful. For example you can easily protect files in your home folder and prevent persistent exploitation.

Prior Work

Preparation

Source: https://help.ubuntu.com/community/AppArmor#Creating_a_new_profile

sudo apt-get install apparmor-utils

Create Profiles

sudo aa-genprof tor-browser_en-US/App/vidalia

sudo aa-genprof tor-browser_en-US/App/tor

sudo aa-genprof tor-browser_en-US/App/Firefox/firefox

Profiles are stored in:

/etc/apparmor.d/

pastebin backup

(adrelanos) Before it gets purged from pastebin someday, I made a backup on github, but don't plan development:
https://github.com/adrelanos/Inoffical-TBB-AppArmor

Fork me on GitHub
Last modified 4 years ago Last modified on Jun 10, 2013, 12:05:32 AM