Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Version of Sandboxed Tor Browser Available (bleepingcomputer.com)

Posted by BeauHD on from the separate-entity dept.

An anonymous reader writes: To protect Tor users from FBI hacking tools that include all sorts of Firefox zero-days, the Tor Project started working on a sandboxed version of the Tor Browser in September. Over the weekend, the Tor Project released the first alpha version of the sandboxed Tor Browser. "Currently, this version is in an early alpha stage, and only available for Linux," reports BleepingComputer. "There are also no binaries available, and users must compile it themselves from the source code, which they can grab from here." The report notes: "Sandboxing is a security mechanism employed to separate running processes. In computer security, sandboxing an application means separating its process from the OS, so vulnerabilities in that app can't be leveraged to extend access to the underlying operating system. This is because the sandboxed application works with its own separate portion of disk and memory that isn't linked with the OS."

3 of 28 comments (clear)

  1. Re:Interesting... by Andreas+Mayer · · Score: 4, Informative

    Accessing stuff outside the sandbox becomes either complicated or completely impossible.

    Complicated can mean less convenient for the user and/or more work for the developer, e.g. more expensive.

    As an example, on iOS each and every app is sandboxed. That's one reason there are things which are common with desktop operating systems, but virtually impossible on iOS. Like a simple file browser - an app per default only has access to files in its own sandbox. You simply can't get at files of other apps. To mitigate that either the OS has to hand out access to individual files (like with the photo library) or files need to be copied from one sandbox to the other.

  2. Re:Interesting... by dottrap · · Score: 4, Informative

    Apple also has sandboxing for Mac apps and every Mac App Store app is required to use it. Non-MAS apps can enable it when signing with Developer ID (which also makes GateKeeper happy).

    The Mac file browser is now a special process that is designed to work with the sandbox. When you user uses the system file panels in a Mac app, it is treated as an explicit opt-in to tell the sandbox that the user has granted permission to access the file.

    For most apps, this sandboxing system works very well and everybody should be using something like this.

    Building a sandboxed Tor browser on Mac should be a straight forward thing and I hope is a short-term goal for Tor.

  3. Re:git sucks just like all new opensource by manu0601 · · Score: 3, Informative

    You are looking for the autoconf package. While there, also install automake and libtool, as there are little chance you will not need them.