Feature #6081
Feature #8004: Basic AppArmor support
Sandbox Tor
Start date:
Due date:
% Done:
100%
Feature Branch:
feature/apparmor
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:
Description
Tor probably has one the biggest attack surface exposed by Tails to a network attacker. It also knows the IP that's being used to connect to the Internet. Therefore, anything is welcome to make it harder, for an attacker, to escalate from "Tor exploited" to "whole system under's attacker control" or deanonymization.
When a container-based solution becomes a viable, secure solution for creating isolated jails, the chroot approach used by the unsafe browser will be easily adaptable to contain Tor.
Alternatively, AppArmor confinement should be considered.
History
#1 Updated by intrigeri almost 6 years ago
- Type of work changed from Wait to Code
- Starter set to No
#2 Updated by intrigeri over 5 years ago
- Subject changed from contain Tor to Sandbox Tor
#3 Updated by intrigeri almost 5 years ago
- Blocked by deleted (Feature #6178: Evaluate current state of Linux namespaces)
#4 Updated by intrigeri almost 5 years ago
- Status changed from Confirmed to In Progress
- Assignee set to intrigeri
- Target version changed from Hardening_M1 to Tails_1.2
- % Done changed from 0 to 50
- Feature Branch set to feature/apparmor
#5 Updated by intrigeri almost 5 years ago
- Related to deleted (Feature #5385: Have 3 AppArmor profiles in enforce mode)
#6 Updated by intrigeri almost 5 years ago
- Parent task set to #8004
#7 Updated by intrigeri almost 5 years ago
- Assignee deleted (
intrigeri) - QA Check set to Ready for QA
#8 Updated by anonym almost 5 years ago
- Status changed from In Progress to Fix committed
- % Done changed from 50 to 100
- QA Check changed from Ready for QA to Pass
#9 Updated by anonym almost 5 years ago
- Status changed from Fix committed to Resolved