
[tor-bugs] #20773 [Applications/Tor Browser Sandbox]: Stop mounting `/proc` in the various containers once this is feasible.



#20773: Stop mounting `/proc` in the various containers once this is feasible.
--------------------------------------------------+---------------------
     Reporter:  yawning                           |      Owner:  yawning
         Type:  enhancement                       |     Status:  new
     Priority:  Medium                            |  Milestone:
    Component:  Applications/Tor Browser Sandbox  |    Version:
     Severity:  Normal                            |   Keywords:
Actual Points:                                    |  Parent ID:
       Points:                                    |   Reviewer:
      Sponsor:                                    |
--------------------------------------------------+---------------------
 All three containers currently used by `sandboxed-tor-browser` (tor,
 firefox, and the updater) currently mount `/proc`.  Once it's been
 verified that relevant versions of the software shipped do not require
 such, this mount should be removed to reduce fingerprinting and to close
 an attack vector.

 In the meantime, stopgap solutions such as AppArmor could be investigated
 as well, though that is not a good long-term solution as it is not
 ubiquitous.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20773>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
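
One way to approach the verification step the ticket mentions, as an added example that is not part of the ticket or of sandboxed-tor-browser: summarise which `/proc` paths a process touched, from a file-syscall trace. The trace lines are constructed in strace's output style, and `proc_accesses` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed strace-style lines, not a real capture; proc_accesses is a hypothetical helper.
SAMPLE_TRACE = r'''
4021 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
4021 readlink("/proc/self/exe", "/home/user/Browser/firefox", 4096) = 26
4021 openat(AT_FDCWD, "/proc/self/maps", O_RDONLY|O_CLOEXEC) = 5
4022 openat(AT_FDCWD, "/proc/4021/task/4022/stat", O_RDONLY) = 7
4023 openat(AT_FDCWD, "/proc/4021/task/4023/stat", O_RDONLY) = 8
4021 openat(AT_FDCWD, "/proc/meminfo", O_RDONLY) = -1 ENOENT (No such file or directory)
4021 openat(AT_FDCWD, "/proc/self/maps", O_RDONLY <unfinished ...>
4021 stat("/procfoo/bar", 0x7ffd1c2a3b40) = -1 ENOENT (No such file or directory)
'''

CALL = re.compile(r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?(\w+)\((.*)$')   # optional pid, syscall, args
FIRST_STR = re.compile(r'"((?:[^"\\]|\\.)*)"')                    # first quoted argument
RESULT = re.compile(r'\)\s+=\s+(-?\d+)(?:\s+(E[A-Z]+))?')         # return value, optional errno

def proc_accesses(trace_text):
    """Summarise syscalls whose first path argument is under /proc."""
    report = defaultdict(lambda: {"syscalls": set(), "ok": 0, "failed": 0, "unknown": 0})
    for line in trace_text.splitlines():
        call = CALL.match(line.strip())
        if not call:
            continue
        arg = FIRST_STR.search(call.group(2))
        if not arg:
            continue
        path = arg.group(1)
        if path != "/proc" and not path.startswith("/proc/"):
            continue  # e.g. /procfoo is not under the /proc mount
        # Collapse PIDs/TIDs so per-process and per-thread paths group together.
        key = re.sub(r'/\d+(?=/|$)', '/<id>', path)
        entry = report[key]
        entry["syscalls"].add(call.group(1))
        res = RESULT.search(call.group(2))
        if res is None:
            entry["unknown"] += 1      # "<unfinished ...>" lines carry no return value
        elif int(res.group(1)) < 0:
            entry["failed"] += 1
        else:
            entry["ok"] += 1
    return dict(report)

if __name__ == "__main__":
    for path, info in sorted(proc_accesses(SAMPLE_TRACE).items()):
        print(path, sorted(info["syscalls"]), info["ok"], info["failed"], info["unknown"])
```

Paths that only ever appear with failed calls when `/proc` is absent, while the program keeps working, are candidates for "not required"; paths with successful reads need a closer look before the mount is dropped.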