[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #22910 [Applications/Tor Browser Sandbox]: Deprecate the extra codecs/volatile extension dir options

Subject: [tor-bugs] #22910 [Applications/Tor Browser Sandbox]: Deprecate the extra codecs/volatile extension dir options
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 13 Jul 2017 02:30:14 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 12 Jul 2017 22:30:28 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22910: Deprecate the extra codecs/volatile extension dir options
--------------------------------------------------+---------------------
     Reporter:  yawning                           |      Owner:  yawning
         Type:  enhancement                       |     Status:  new
     Priority:  Medium                            |  Milestone:
    Component:  Applications/Tor Browser Sandbox  |    Version:
     Severity:  Normal                            |   Keywords:
Actual Points:                                    |  Parent ID:
       Points:                                    |   Reviewer:
      Sponsor:                                    |
--------------------------------------------------+---------------------
 Having massive "foot + gun" options in general is bad practice.

 The extra codecs will expose ffmpeg to the browser container, which is a
 concrete increase in attack surface for questionable gain (gstreamer is
 never allowed).

 The volatile extension dir gives firefox more write access than what
 anyone that's vaguely security conscious should be comfortable with, to
 critical browser components, and there's the ongoing `about:addons`
 fisasco.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22910>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #22910 [Applications/Tor Browser Sandbox]: Deprecate the volatile extension dir options (was: Deprecate the extra codecs/volatile extension dir options)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22910 [Applications/Tor Browser Sandbox]: Deprecate the extra codecs/volatile extension dir options
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22910 [Applications/Tor Browser Sandbox]: Deprecate the extra codecs/volatile extension dir options
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22910 [Applications/Tor Browser Sandbox]: Deprecate the extra codecs/volatile extension dir options
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #22910 [Applications/Tor Browser Sandbox]: Deprecate the volatile extension dir options
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #22940 [Core Tor/Tor]: prop224: HS revision counter should persist after service reboot
Next by Author: Re: [tor-bugs] #22988 [Internal Services/Service - trac]: Make all trac child tickets have the same headers and inherit fields
Previous by thread: Re: [tor-bugs] #21607 [Applications/Tor Browser]: Investigate WebVR API 1.1 for fingerprinting/linkability risks
Next by thread: Re: [tor-bugs] #22910 [Applications/Tor Browser Sandbox]: Deprecate the extra codecs/volatile extension dir options
Index(es):
- Author
- Thread