sandboxed-tor-browser

module

v0.19.0 Latest Latest Go to latest Published: Jan 31, 2019 License: AGPL-3.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cypherbits/sandboxed-tor-browser

Links

Open Source Insights

README ¶

sandboxed-tor-browser

Original developer: Yawning Angel (yawning at schwanenlied dot me)

About this repository: I'm not an expert, but I will try to maintain a usable Sandboxed Tor Browser. I think even a bad sandbox is better than no sandbox at all. Any help is welcomed and wanted. Contact: juanjo at avanix dot es

This project aims to be compatible with new Tor Browser 8.0 with Firefox 60 ESR. This is already working in the latest version 0.0.18.

Tor Browser sandboxed somewhat correctly using bubblewrap. Obviously only works on Linux, and will NEVER support anything else since sandboxing is OS specific.

There are several unresolved issues that affect security and fingerprinting. Do not assume that this is perfect, merely "an improvement over nothing".

Runtime dependencies:

A modern Linux system on x86_64 architecture.
bubblewrap >= 0.1.3 (https://github.com/projectatomic/bubblewrap).
Gtk+ >= 3.14.0
(Optional) PulseAudio
(Optional) Adwaita Gtk+-2.0 theme
(Optional) libnotify and a Desktop Notification daemon

Build time dependencies:

Make
A C compiler
gb (https://getgb.io/ Yes I know it's behind fucking cloudflare)
Go (Tested with 1.7.x)
libnotify

Things that the sandbox breaks:

Audio (Unless allowed via the config)
DRI
X11 input methods (IBus requires access to the host D-Bus)
Installing addons (Addons are whitelisted)
Tor Browser's updater (launcher handles keeping the bundle up to date)

Places where the sandbox could be better:

The updater container still mounts /proc.
PulseAudio is likely unsafe without a protocol filter like X11.
X11 is still X11, and despite mitigations is likely still unsafe.

Upstream Bugs:

Tor Browser should run without a /proc filesystem, worked around in the worst possible way. (https://bugs.torproject.org/20283)
OpenGL software rendering is broken on certain Linux systems. (https://bugs.torproject.org/20866)

Notes:

Follows the XDG Base Dir specification.
Questions that could be answered by reading the code will be ignored.
Unless you're capable of debugging it, don't use it, and don't contact me about it.
By default the sandbox ~/Desktop and ~/Downloads directories are mapped to the host ~/.local/share/sandboxed-tor-browser/tor-browser/Browser/[Desktop,Downloads] directories.
https://git.schwanenlied.me/yawning/sandboxed-tor-browser/wiki has something resembling build instructions, that may or may not be up to date.

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
src
cmd/sandboxed-tor-browser
cmd/sandboxed-tor-browser/internal/data Package data includes various static assets embedded in the binary.	Package data includes various static assets embedded in the binary.
cmd/sandboxed-tor-browser/internal/dynlib Package dynlib provides routines for interacting with the glibc ld.so dynamic linker/loader.	Package dynlib provides routines for interacting with the glibc ld.so dynamic linker/loader.
cmd/sandboxed-tor-browser/internal/installer Package installer contains routines used for installing and or updating Tor Browser.	Package installer contains routines used for installing and or updating Tor Browser.
cmd/sandboxed-tor-browser/internal/sandbox Package sandbox handles launching applications in a sandboxed enviornment via bubblwrap.	Package sandbox handles launching applications in a sandboxed enviornment via bubblwrap.
cmd/sandboxed-tor-browser/internal/sandbox/process Package process contains a wrapper around a running bwrap instance, and is in a separate package just to break an import loop.	Package process contains a wrapper around a running bwrap instance, and is in a separate package just to break an import loop.
cmd/sandboxed-tor-browser/internal/sandbox/x11 Package x11 contains the X11 sandbox surrogate and other X11 related sandboxing routines.	Package x11 contains the X11 sandbox surrogate and other X11 related sandboxing routines.
cmd/sandboxed-tor-browser/internal/socks5 Package socks5 implements a SOCKS5 client/server.	Package socks5 implements a SOCKS5 client/server.
cmd/sandboxed-tor-browser/internal/tor Package tor provides an interface for controlling and using a tor daemon.	Package tor provides an interface for controlling and using a tor daemon.
cmd/sandboxed-tor-browser/internal/ui Package ui provides common functions and interfaces for the sandboxed-tor-browser user interfaces.	Package ui provides common functions and interfaces for the sandboxed-tor-browser user interfaces.
cmd/sandboxed-tor-browser/internal/ui/async Package async provides an async task struct to allow the UI to run background tasks.	Package async provides an async task struct to allow the UI to run background tasks.
cmd/sandboxed-tor-browser/internal/ui/config Package config handles the launcher configuration.	Package config handles the launcher configuration.
cmd/sandboxed-tor-browser/internal/ui/gtk Package gtk implements a Gtk+ user interface.	Package gtk implements a Gtk+ user interface.
cmd/sandboxed-tor-browser/internal/ui/notify Package notify interfaces with the Destop Notification daemon, as defined by the desktop notifications spec, via the libnotify library.	Package notify interfaces with the Destop Notification daemon, as defined by the desktop notifications spec, via the libnotify library.
cmd/sandboxed-tor-browser/internal/utils Package utils provides misc.	Package utils provides misc.