[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #10943 [Tor Messenger]: Sandboxing Instantbird

Subject: Re: [tor-bugs] #10943 [Tor Messenger]: Sandboxing Instantbird
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 21 Jul 2015 21:35:35 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 21 Jul 2015 17:35:45 -0400
In-reply-to: <047.5248e4ce38b06cf4284692b656e823e4@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.5248e4ce38b06cf4284692b656e823e4@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#10943: Sandboxing Instantbird
-------------------------------+------------------------------------------
     Reporter:  sukhbir        |      Owner:  ioerror
         Type:  task           |     Status:  new
     Priority:  normal         |  Milestone:
    Component:  Tor Messenger  |    Version:
   Resolution:                 |   Keywords:  SponsorO, TorMessengerPublic
Actual Points:                 |  Parent ID:
       Points:                 |
-------------------------------+------------------------------------------

Comment (by ioerror):

 If OZ isn't available for GNU/Linux (eg: not SubgraphOS) - we should
 probably just stick to packaging and using two basic techniques for
 sandboxing (eg: AppArmor and seccomp) at first.

 Ideally, if we do it properly - Tor can be sandboxed with seccomp by
 default (it is already in Tor) and then InstantBird components can be
 sandboxed with seccomp (which we need to add). Then all of this should be
 sandboxed in AppArmor or SELinux policies. With proper isolation, I can
 see a way to totally ensure Tor has very limited abilities (eg: TCP is
 allowed, a single set of directories for read/write, nothing else), while
 InstantBird could even be forbidden from using TCP/IP (by using Socks5
 over Tor's UnixSocket).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10943#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #10943 [Tor Messenger]: Sandboxing Instantbird
Next by Author: Re: [tor-bugs] #2325 [Tor]: Document torrc format
Previous by thread: Re: [tor-bugs] #10943 [Tor Messenger]: Sandboxing Instantbird
Next by thread: Re: [tor-bugs] #10943 [Tor Messenger]: Sandboxing Instantbird
Index(es):
- Author
- Thread