#28147: [meta] Improve Tor Browser Content Process Sandbox --------------------------------------+-------------------------- Reporter: tom | Owner: tbb-team Type: defect | Status: new Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: #28146 | Points: Reviewer: | Sponsor: --------------------------------------+--------------------------
Comment (by tom): Replying to [comment:1 gk]: > Are there corresponding Mozilla bugs somewhere because it seems to me that this sandbox tightening is something (privacy-conscious) Firefox users (with proxy) would maybe want to have as well? E.g. should there be no way to steal Android device information that way from within the content process regardless of whether Tor is used or not. Generally, no. So far all of the things I've listed here are things we've made to support some feature of another. It's possible (but unlikely) that they could be dead code that we could remove, but AFAIK there are no corresponding Mozilla bugs to do what Tor wants, because it's going to conflict with what Mozilla wants. My suggestion would be that as each sub-item is investigated, we see what the use of the item is in Firefox, and determine if there is a way to tighten the IPC layer in Firefox either generally or under certain (existing) preferences. (With a fallback to some new preference or preferences.) That would be the easiest way to upstream the behavior Tor wants. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28147#comment:2> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs