Hi,

Tom Ritter wrote (30 Jun 2014 17:03:49 GMT) :
> Preventing a program from modifying itself is a distinct problem.

Point taken.

> Trying to prevent an application from modifying itself on disk, so
> that the changes persist after application shutdown, _could_ be
> achieved by a sandbox - but it would have to be taken on a
> case-by-case basis. Considering Tor Browser, the sandbox could
> probably, easily, enforce read-only access to executables and
> libraries. But I'm not sure how many things the 'New Identity' button
> wipes out. If it doesn't wipe out everything, there are persistence
> mechanisms between application executions that the sandbox _should_
> allow. For example, if installed extensions persist between 'New
> Identity' - that allows arbitrary code execution (inside the
> sandbox).

Indeed, the sandbox I have in mind would grant write access to
Data/Browser/profile.default/extensions, and given the potential for
persisting arbitrary code in there, it makes little sense to block write
access to other programs and libraries shipped by the bundle.

> It could change the entry guards, hardcode an exit, [...]

Yep, I guess that's correct due to the fact the browser (when using
tor-launcher) needs to be allowed to control Tor directly.

> It sounds more like you want application imaging. [...]

Thanks for the detailed analysis!

Cheers,
--
intrigeri

_______________________________________________
Tails-dev mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to [email protected].
