Feature #6081
Sandbox Tor
Start date:
Due date:
% Done:
100%
Description
Tor probably has one the biggest attack surface exposed by Tails to a network attacker. It also knows the IP that’s being used to connect to the Internet. Therefore, anything is welcome to make it harder, for an attacker, to escalate from “Tor exploited” to “whole system under’s attacker control” or deanonymization.
When a container-based solution becomes a viable, secure solution for creating isolated jails, the chroot approach used by the unsafe browser will be easily adaptable to contain Tor.
Alternatively, AppArmor confinement should be considered.
Subtasks
History
#1 Updated by intrigeri 2013-10-03 08:21:54
- Type of work changed from Wait to Code
- Starter set to No
#2 Updated by intrigeri 2013-12-18 11:34:28
- Subject changed from contain Tor to Sandbox Tor
#3 Updated by intrigeri 2014-10-05 06:14:33
- blocks deleted (
)Feature #6178: Evaluate current state of Linux namespaces
#4 Updated by intrigeri 2014-10-05 06:14:57
- Status changed from Confirmed to In Progress
- Assignee set to intrigeri
- Target version changed from Hardening_M1 to Tails_1.2
- % Done changed from 0 to 50
- Feature Branch set to feature/apparmor
#5 Updated by intrigeri 2014-10-05 06:18:06
- related to deleted (
)Feature #5385: Have 3 AppArmor profiles in enforce mode
#6 Updated by intrigeri 2014-10-05 06:18:33
- Parent task set to
Feature #8004
#7 Updated by intrigeri 2014-10-06 05:28:41
- Assignee deleted (
intrigeri) - QA Check set to Ready for QA
#8 Updated by anonym 2014-10-08 03:54:27
- Status changed from In Progress to Fix committed
- % Done changed from 50 to 100
- QA Check changed from Ready for QA to Pass
#9 Updated by anonym 2014-10-16 08:10:26
- Status changed from Fix committed to Resolved