[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TBB, iptables, and seperation of concerns

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] TBB, iptables, and seperation of concerns
From: "Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx>
Date: Mon, 12 Dec 2011 09:01:12 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 12 Dec 2011 03:01:34 -0500
In-reply-to: <024b8606b2c66e5b4da87f1efd42b8e4.squirrel@xxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <1323634518.16365.140661010296925@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20111212053218.GL5287@xxxxxxxxxxxxxx> <024b8606b2c66e5b4da87f1efd42b8e4.squirrel@xxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.24) Gecko/20111103 Thunderbird/3.1.16

On 12/12/11 7:00 AM, Chris wrote:
> I have a few problems with the TBB.
> 
> 1. It isn't in a repository. For security reasons this should be changed.
> 
> 2. It merges polipo/Tor together with everything else when Tor should be
> run as a separate user with an unrestricted Internet connection while the
> user should run Firefox (with appropriate settings) under a restricted
> user account with no direct Internet.

IMHO the "Starter" of the TBB should be much more intelligent by providing:

a) decompression of TBB
b) splash logo with progress-bar
c) app-level jailing of various application

For point "c" i mean providing a sort of "app-armor" or "*osx" sandbox
system but at application level with library preloading, directly
managing the security profile from the starter.

That way it could be much portable the "application security" of the system.

-naif
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] TBB, iptables, and seperation of concerns
  - From: Chris

References:
- [tor-talk] New to List
  - From: Erich Kroener
- Re: [tor-talk] New to List
  - From: Roger Dingledine
- [tor-talk] TBB, iptables, and seperation of concerns
  - From: Chris

Prev by Author: [tor-talk] Increase tor HS reachability
Next by Author: Re: [tor-talk] TBB, iptables, and seperation of concerns
Previous by thread: [tor-talk] TBB, iptables, and seperation of concerns
Next by thread: Re: [tor-talk] TBB, iptables, and seperation of concerns
Index(es):
- Author
- Thread