Project

General

Profile

Feature #6081

Feature #8004: Basic AppArmor support

Sandbox Tor

Added by Tails almost 6 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
Due date:
% Done:

100%

Feature Branch:
feature/apparmor
Type of work:
Code
Blueprint:
Starter:
No
Affected tool:

Description

Tor probably has one the biggest attack surface exposed by Tails to a network attacker. It also knows the IP that's being used to connect to the Internet. Therefore, anything is welcome to make it harder, for an attacker, to escalate from "Tor exploited" to "whole system under's attacker control" or deanonymization.

When a container-based solution becomes a viable, secure solution for creating isolated jails, the chroot approach used by the unsafe browser will be easily adaptable to contain Tor.

Alternatively, AppArmor confinement should be considered.

History

#1 Updated by intrigeri over 5 years ago

  • Type of work changed from Wait to Code
  • Starter set to No

#2 Updated by intrigeri over 5 years ago

  • Subject changed from contain Tor to Sandbox Tor

#3 Updated by intrigeri over 4 years ago

  • Blocked by deleted (Feature #6178: Evaluate current state of Linux namespaces)

#4 Updated by intrigeri over 4 years ago

  • Status changed from Confirmed to In Progress
  • Assignee set to intrigeri
  • Target version changed from Hardening_M1 to Tails_1.2
  • % Done changed from 0 to 50
  • Feature Branch set to feature/apparmor

#5 Updated by intrigeri over 4 years ago

  • Related to deleted (Feature #5385: Have 3 AppArmor profiles in enforce mode)

#6 Updated by intrigeri over 4 years ago

  • Parent task set to #8004

#7 Updated by intrigeri over 4 years ago

  • Assignee deleted (intrigeri)
  • QA Check set to Ready for QA

#8 Updated by anonym over 4 years ago

  • Status changed from In Progress to Fix committed
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

#9 Updated by anonym over 4 years ago

  • Status changed from Fix committed to Resolved

Also available in: Atom PDF