[tor-bugs] #7008 [Tor bundles/installation]: Have a sandbox in TBB that can run Flash safely
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Oct 2 11:49:44 UTC 2012
#7008: Have a sandbox in TBB that can run Flash safely
--------------------------------------+-------------------------------------
Reporter: arma | Owner: mikeperry
Type: project | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: SponsorJ | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by trams):
Flash runs outside the main firefox browser, in the plugin-container
process. This is good from a sandboxing pov, as it makes it easier to
enforce a sandbox that only affects Flash, or to create different
sandboxes making it harder for flash to compromise the browser.

Note that flash is already sandboxed on windows/ff; see
https://blogs.adobe.com/asset/2012/06/inside-flash-player-protected-mode-for-firefox.html

Flash sandboxes were also under scrutiny during blackhat, where a
presentation on the subject was held:
http://media.blackhat.com/bh-us-12/Briefings/Sabanal/BH_US_12_Sabanal_Digging_Deep_Slides.pdf

For OSX: quite tricky. We need to create a wrapper (that is a proxy for
mach-ipc: ^org.mozilla.machname.*) or fork the plugin-container process to
do a sandbox_init function call. Developing the sandbox profile from there
is straightforward, and quite easy.

For Linux: Either fork plugin-container and do seccomp + friends, or use
selinux/apparmor to constrain the process, or do both.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7008#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online