Hi,

Note:

 * Don't use this unless you are capable of debugging it.
 * Don't use this if you need strong security (though the author
   believes it is an improvement over unsandboxed Tor Browser, and the
   previous sandboxing attempts).
 * Don't re-package it, it's not ready for that.

In addition to stewing in my infinite self-loathing, I made a serious
attempt at sandboxing Tor Browser again.  It works, is kind of neat,
and isn't totally horrible, so I'm showing what's available.

Where: https://git.schwanenlied.me/yawning/sandboxed-tor-browser

This builds a lightweight launcher process that will:

 * Handle installing/updating Tor Browser, while being rather paranoid
   about having a good trust root (hard copies of PGP keys, the update
   service's cert chain, and the MAR signing key are included and
   enforced).

 * Run the updater in a sandboxed environment without network access.

 * Run Tor Browser in a sandboxed enviornment with the Tor SocksPort
   being the only way to get beyond the host.

There's a bunch of caveats, and some functionality that's intentionally
broken, and certain annoyances that require a Tor Browser patch or two
to fix, but it appears to work fairly well.

The README.md file has more detailed documentation on how it works, the
sandbox environment, and the various caveats.

-- 
Yawning Angel

Attachment: pgp9rUAnxRERr.pgp
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Reply via email to