[Whonix-devel] #14270 [Applications/Tor Browser]: Make Tor Browser work with Unix Domain Socket option

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jul 21 22:07:35 CEST 2016


#14270: Make Tor Browser work with Unix Domain Socket option
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  project                   |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-security              |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:  SponsorU
--------------------------------------+--------------------------
Changes (by yawning):

 * severity:   => Normal


Comment:

 https://git.schwanenlied.me/yawning/tor-
 firejail/commit/b08f80044887363316c84de2fcb884bc7d20aff9

 Pros:
  * It works.
  * No patches to upstream.

 Cons:
  * Requires a 3rd party sandboxing mechanism to be totally trustworthy (as
 in, the sandbox enforces the family limitations for calls I don't bother
 to hook).
  * The tor daemon still needs to listen on a port since tor-button thinks
 it's talking to the standard socks port, and `about:tor` pukes due to the
 `GETINFO` check.
  * The tor daemon needs to be running elsewhere (outside the sandbox,
 different sandbox), since the sandbox disallows non `AF_LOCAL` families.
  * The stub/profile/script modification maintainer feasts on user's tears
 and ignores cries for help.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14270#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the Whonix-devel mailing list