[Whonix-devel] #14270 [Applications/Tor Browser]: Make Tor Browser work with Unix Domain Socket option
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 21 22:07:35 CEST 2016
#14270: Make Tor Browser work with Unix Domain Socket option
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: project | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: SponsorU
--------------------------------------+--------------------------
Changes (by yawning):
* severity: => Normal
Comment:
https://git.schwanenlied.me/yawning/tor-
firejail/commit/b08f80044887363316c84de2fcb884bc7d20aff9
Pros:
* It works.
* No patches to upstream.
Cons:
* Requires a 3rd party sandboxing mechanism to be totally trustworthy (as
in, the sandbox enforces the family limitations for calls I don't bother
to hook).
* The tor daemon still needs to listen on a port since tor-button thinks
it's talking to the standard socks port, and `about:tor` pukes due to the
`GETINFO` check.
* The tor daemon needs to be running elsewhere (outside the sandbox,
different sandbox), since the sandbox disallows non `AF_LOCAL` families.
* The stub/profile/script modification maintainer feasts on user's tears
and ignores cries for help.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14270#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the Whonix-devel
mailing list