[tor-talk] TBB, iptables, and seperation of concerns
Fabio Pietrosanti (naif)
lists at infosecurity.ch
Mon Dec 12 08:01:12 UTC 2011
On 12/12/11 7:00 AM, Chris wrote:
> I have a few problems with the TBB.
>
> 1. It isn't in a repository. For security reasons this should be changed.
>
> 2. It merges polipo/Tor together with everything else when Tor should be
> run as a separate user with an unrestricted Internet connection while the
> user should run Firefox (with appropriate settings) under a restricted
> user account with no direct Internet.
IMHO the "Starter" of the TBB should be much more intelligent by providing:
a) decompression of TBB
b) splash logo with progress-bar
c) app-level jailing of various application
For point "c" i mean providing a sort of "app-armor" or "*osx" sandbox
system but at application level with library preloading, directly
managing the security profile from the starter.
That way it could be much portable the "application security" of the system.
-naif
More information about the tor-talk
mailing list