Re: [tor-bugs] #22000 [Applications/Tor Browser]: update OSX browser sandbox profile for e10s
#22000: update OSX browser sandbox profile for e10s
-------------------------------------------------+-------------------------
Reporter: brade | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff52-esr, tbb-security, tbb-sandboxing, tbb-e10s, tbb-7.0-must-alpha, TorBrowserTeam201705 | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor: Sponsor4
-------------------------------------------------+-------------------------
Comment (by mcs):
Kathy and I were hoping to come up with a quick fix for this ticket, but
it turns out that nesting of sandbox configs is not supported on OSX. That
means that we either need to disable Mozilla's content process sandbox or
we need to disable our sandbox. Since it seems like there may be a way in
our sandbox profile to say "allow exec of this specific executable and
start it without a sandbox" and since (hopefully) Mozilla enables their
sandbox as early as possible, the second approach is probably the one to
use. In other words, our tb.sb profile would apply to the chrome process
and Mozilla's built-in content process sandbox rules would apply to the
content/tab process. But we should look and see what we are giving up if
we do that, e.g., what does Mozilla allow that we don't want to allow?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22000#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
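
One way to approach the comment's closing question (what the content-process rules allow that tb.sb does not), as an added example that is not part of the original message and is neither Tor Browser nor Mozilla code. It assumes both profiles are flat SBPL with literal rules (no macros, params or conditionals), ignores deny rules and wildcard-operation matching, and uses constructed profile contents; the names TB_SB, CONTENT_SB and extra_allows are hypothetical.

```python
import re
# Constructed sample profiles, NOT the real tb.sb or Mozilla's content rules.
TB_SB = '''(version 1) (deny default)
(allow file-read* (subpath "/Applications/TorBrowser.app"))
(allow mach-lookup (global-name "com.example.fonts"))
(allow sysctl-read)'''
CONTENT_SB = '''(version 1) (deny default)
(allow file-read* (subpath "/Applications/TorBrowser.app/Contents")
                  (literal "/etc/hosts"))  ; constructed entry
(allow mach-lookup (global-name "com.example.fonts") (global-name "com.example.display"))
(allow sysctl-read)
(allow iokit-open (iokit-user-client-class "ExampleUserClient"))'''
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|;[^\n]*|[()]|[^\s()";]+')

def parse(text):  # SBPL text -> list of nested tuples; ';' comments skipped
    stack = [[]]
    for tok in TOKEN.findall(text):
        if tok == '(':
            stack.append([])
        elif tok == ')':
            done = stack.pop()
            stack[-1].append(tuple(done))
        elif tok[0] != ';':
            stack[-1].append(tok)
    return stack[0]

def allow_rules(profile):  # -> {(operation, filter)}; filter None = unfiltered
    rules = set()
    for form in parse(profile):
        if isinstance(form, tuple) and form[:1] == ('allow',):
            ops = [x for x in form[1:] if isinstance(x, str)]
            filters = [x for x in form[1:] if isinstance(x, tuple)] or [None]
            rules.update((op, f) for op in ops for f in filters)
    return rules

def covered(rule, base):  # exact match, unfiltered allow, or a parent subpath
    op, flt = rule
    if rule in base or (op, None) in base:
        return True
    if not flt or flt[0] not in ('literal', 'subpath') or not isinstance(flt[-1], str):
        return False
    path = flt[-1].strip('"')
    return any(path == r or path.startswith(r + '/') for r in
               (b[-1].strip('"').rstrip('/') for o, b in base
                if o == op and b and b[0] == 'subpath' and isinstance(b[-1], str)))

def extra_allows(outer, inner):  # allow rules in inner that outer never granted
    base = allow_rules(outer)
    return sorted((r for r in allow_rules(inner) if not covered(r, base)), key=str)
```

Each tuple returned by `extra_allows(TB_SB, CONTENT_SB)` is a grant that exists only in the inner profile and is a candidate for manual review.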