#20773: Stop mounting `/proc` in the various containers once this is feasible.
--------------------------------------------------+---------------------
     Reporter:  yawning                           |      Owner:  yawning
         Type:  enhancement                       |     Status:  new
     Priority:  Medium                            |  Milestone:
    Component:  Applications/Tor Browser Sandbox  |    Version:
     Severity:  Normal                            |   Keywords:
Actual Points:                                    |  Parent ID:
       Points:                                    |   Reviewer:
      Sponsor:                                    |
--------------------------------------------------+---------------------

All three containers currently used by `sandboxed-tor-browser` (tor, firefox, and the updater) currently mount `/proc`. Once it's been verified that relevant versions of the software shipped do not require such, this mount should be removed to reduce fingerprinting and to close an attack vector.
In the meantime, stopgap solutions such as AppArmor could be investigated as well, though that is not a good long-term solution as it is not ubiquitous.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20773>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online