Re: [tor-bugs] #20989 [Applications/Tor Browser]: browser sandbox profile too restrictive on OSX 10.12.2
#20989: browser sandbox profile too restrictive on OSX 10.12.2
-------------------------------------------------+-------------------------
Reporter: mcs                                    | Owner: mcs
Type: defect                                     | Status: needs_information
Priority: Medium                                 | Milestone:
Component: Applications/Tor Browser              | Version:
Severity: Normal                                 | Resolution:
Keywords: tbb-security, tbb-sandboxing,          | Actual Points:
  TorBrowserTeam201612                           |
Parent ID:                                       | Points:
Reviewer:                                        | Sponsor:
-------------------------------------------------+-------------------------
Comment (by mcs):
Replying to [comment:3 mactoruser]:
> There are no 3rd party system extensions, I use the 2016 Macbook Pro 15' (with the Touch Bar)
> so that is what com.apple.inputmethod.EmojiFunctionRowItem is.
> Not sure about file://localhost/Library/Preferences/com.apple.ViewBridge.plist but why does Tor Browser need it anyway?
It is difficult to know, but it may be related to the Touch Bar.
> I hope there is a way to make this input method blocked in TorBrowser, since the way I see it it's just another potential fingerprinting issue of users with Touch Bar.
It is unclear whether webpages can tell that the Touch Bar is available,
but if they can there may be a fingerprinting issue.
> The Tor Browser window opens but Tor button is red, like when the Tor Daemon is down.
> Nothing loads obviously.
>
> Maybe this can help?
>
> https://webkit.googlesource.com/WebKit/+/master/Source/WebKit2/Resources/PlugInSandboxProfiles/com.apple.WebKit.plugin-common.sb
>
> Chromium has this plist in this array:
> ;; Open and Save panels
> (define (webkit-powerbox)
> (allow file-read* (literal "/Library/Preferences/com.apple.ViewBridge.plist"))
> ...
Thanks! Are you willing to do some experiments for us? First, remove the
following lines from tb.sb (otherwise, a new browser profile is created
each time, which is not good):
{{{
; Disallow writes to the profiles ini file.
(deny file-write*
(torbrowser-data-dir-subpath "/Browser/profiles.ini")
)
}}}
Then remove your TorBrowser-Data/Browser directory to delete any extra
profiles.
Next, see what happens if you add the following line to tb.sb:
{{{
(allow file-read* (literal "/Library/Preferences/com.apple.ViewBridge.plist"))
}}}
If you still cannot visit any websites using the browser, edit your
prefs.js file (TorBrowser-Data/Browser/*.default/prefs.js) and add the
following lines:
{{{
user_pref("extensions.torbutton.loglevel", 0);
user_pref("extensions.torbutton.logmethod", 0);
user_pref("extensions.torlauncher.loglevel", 0);
user_pref("extensions.torlauncher.logmethod", 0);
}}}
Then share the `./start-tor-with-sandbox` and `./start-browser-with-sandbox` output with us.
One final thing to do is to open the macOS Console application and look
for messages that contain `SandboxViolation`.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20989#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
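One way to triage the `SandboxViolation` messages requested in the comment above, as an added example that is not part of the original message or of the Tor Browser sandbox scripts: it groups denial lines by operation and target and drafts `file-read*` rules for manual review. The log line shape, the process name and every sample line are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed line shape (not taken from the ticket):
#   ... Sandbox: <process>(<pid>) deny(<n>) <operation> <target>
DENY_RE = re.compile(
    r"Sandbox: (?P<proc>[^\s(]+)\((?P<pid>\d+)\) deny(?:\(\d+\))? "
    r"(?P<op>[a-z0-9*-]+)(?: (?P<target>.+))?$"
)

# Constructed sample lines; the user path and the service name are placeholders.
SAMPLE_LOG = """\
kernel: Sandbox: firefox(4121) deny(1) file-read-data /Library/Preferences/com.apple.ViewBridge.plist
kernel: Sandbox: firefox(4121) deny(1) file-read-data /Library/Preferences/com.apple.ViewBridge.plist
kernel: Sandbox: firefox(4121) deny(1) file-write-create /Users/example/TorBrowser-Data/Browser/profiles.ini
kernel: Sandbox: firefox(4121) deny(1) mach-lookup com.example.placeholder-service
sandboxd: unrelated line without a denial
"""


def parse_denials(text):
    """Return (process, operation, target) for every sandbox denial line."""
    denials = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            denials.append((m["proc"], m["op"], m["target"] or ""))
    return denials


def summarize(text):
    """Collapse repeated denials into (denial, count) rows, most frequent first."""
    return Counter(parse_denials(text)).most_common()


def candidate_read_rules(text):
    """Draft allow rules for denied reads of absolute paths only.

    Denied writes are skipped on purpose: tb.sb denies some writes
    deliberately (for example profiles.ini), so those need a human decision.
    """
    paths = sorted({target for _, op, target in parse_denials(text)
                    if op.startswith("file-read") and target.startswith("/")})
    return ['(allow file-read* (literal "%s"))' % p for p in paths]


if __name__ == "__main__":
    for (proc, op, target), count in summarize(SAMPLE_LOG):
        print(f"{count:3d}  {proc}  {op}  {target}")
    print("\n".join(candidate_read_rules(SAMPLE_LOG)))
```

Each drafted rule widens the sandbox, so it should be added one at a time and kept only if it resolves the failure being investigated.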