Bug #9558

Bug #9534: Tighten AppArmor policy

Bug #9756: Tighten AppArmor policy, phase 1

Tor Browser confinement allows downloading to /tmp

Added by mercedes508 over 4 years ago. Updated about 4 years ago.

Status: Resolved
Priority: Normal
Assignee: -
Category: -
Target version:
Start date: 06/11/2015
Due date:
% Done: 100%
Feature Branch: bugfix/9558-deny-tmp-to-tor-browser
Type of work: Code
Blueprint:
Starter:
Affected tool: Browser

Description

By setting the path (e.g. /tmp/file) it's possible to download files from Tor Browser to the /tmp directory. It's expected because our torbrowser profile loads the gnome abstraction, which itself loads the user-tmp one. Do we want that? Can we do differently without breaking the browser?


Related issues

Related to Tails - Bug #10141: Document how to workaround the fact that the TBB 'Print preview' is blank Resolved 09/01/2015

Associated revisions

Revision 51c00606 (diff)
Added by intrigeri about 4 years ago

Deny Tor Browser access to global tmp directories.

Will-fix: #9558

Revision a1fd1f0f (diff)
Added by intrigeri about 4 years ago

Give Tor Browser its own $TMPDIR, in its profile directory.

By default, it uses /tmp/, but we want to deny it access to there.

Will-fix: #9558

Revision e2b338cc
Added by bertagaz about 4 years ago

Merge branch 'bugfix/9558-deny-tmp-to-tor-browser' into devel

Fix-committed: #9558
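
The include chain described in this ticket (the torbrowser profile loads the gnome abstraction, which loads user-tmp) can be audited mechanically. The following is an added example, not code from the Tails repository: a Python check that walks `#include` lines transitively and reports which chain grants write access under /tmp or /var/tmp, before and after explicit deny rules are added. The profile text, the `browser-profile` path and the function names are constructed for illustration.

```python
import re

# Constructed, simplified stand-ins for files under /etc/apparmor.d/.
# Not the real Tails profile or distro abstractions; paths are hypothetical.
USER_TMP = "owner /tmp/** rwkl,\n/tmp/ rw,\nowner /var/tmp/** rwkl,\n/var/tmp/ rw,\n"
BEFORE = {
    "torbrowser": "#include <abstractions/gnome>\nowner @{HOME}/browser-profile/** rwk,\n",
    "abstractions/gnome": "#include <abstractions/base>\n#include <abstractions/user-tmp>\n",
    "abstractions/base": "/etc/ld.so.cache r,\n",
    "abstractions/user-tmp": USER_TMP,
}
# Same tree, with explicit deny rules added to the top-level profile.
AFTER = dict(BEFORE, torbrowser=BEFORE["torbrowser"]
             + "deny /tmp/** rwklx,\ndeny /tmp/ rwklx,\n"
             + "deny /var/tmp/** rwklx,\ndeny /var/tmp/ rwklx,\n")

INCLUDE_RE = re.compile(r"^\s*#?include\s+<([^>]+)>")
RULE_RE = re.compile(r"^\s*(deny\s+)?(?:owner\s+)?(/\S+)\s+([rwklmaix]+),")
TMP_PREFIXES = ("/tmp/", "/var/tmp/")

def walk(name, files, chain=(), seen=None):
    """Yield (include_chain, is_deny, path, perms) for each file rule reachable from name."""
    seen = set() if seen is None else seen
    if name in seen:          # guard against include cycles and repeats
        return
    seen.add(name)
    chain = chain + (name,)
    for line in files[name].splitlines():
        inc = INCLUDE_RE.match(line)
        if inc:
            yield from walk(inc.group(1), files, chain, seen)
        elif (rule := RULE_RE.match(line)):
            yield chain, bool(rule.group(1)), rule.group(2), rule.group(3)

def writable_tmp(name, files):
    """List (include chain, path) for tmp write grants with no matching deny.

    Simplification: a deny only cancels a grant with the identical path string;
    real AppArmor matches globs, and deny always wins over allow.
    """
    rules = list(walk(name, files))
    denied = {p for _, deny, p, perms in rules if deny and "w" in perms}
    return [(" -> ".join(c), p) for c, deny, p, perms in rules
            if not deny and "w" in perms
            and p.startswith(TMP_PREFIXES) and p not in denied]

if __name__ == "__main__":
    for label, tree in (("before", BEFORE), ("after", AFTER)):
        print(label, writable_tmp("torbrowser", tree))
```

Once /tmp is denied, the confined program still needs a writable temporary directory, which is why the second revision above points $TMPDIR into the browser's profile directory.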

History

#1 Updated by intrigeri over 4 years ago

  • Target version set to Tails_1.5
  • Affected tool set to Browser

#2 Updated by intrigeri over 4 years ago

  • Description updated (diff)

#3 Updated by intrigeri over 4 years ago

  • Subject changed from Tor Browser confinement allow downloading to /tmp to Tor Browser confinement allows downloading to /tmp

#4 Updated by intrigeri about 4 years ago

  • Status changed from Confirmed to In Progress

#6 Updated by intrigeri about 4 years ago

  • % Done changed from 0 to 50
  • Feature Branch set to bugfix/9558-deny-tmp-to-tor-browser
  • Type of work changed from Research to Code

#7 Updated by intrigeri about 4 years ago

  • Assignee deleted (intrigeri)
  • QA Check set to Ready for QA

Passes these automated tests: torified_browsing.feature tor_stream_isolation.feature windows_camouflage.feature usb_install.feature pidgin.feature. Please review'n'merge. Some manual testing would be welcome, though: exporting a custom TMPDIR might have unexpected adverse consequences.

#8 Updated by bertagaz about 4 years ago

  • Assignee set to bertagaz

#9 Updated by bertagaz about 4 years ago

  • Status changed from In Progress to Fix committed
  • % Done changed from 50 to 100

#10 Updated by bertagaz about 4 years ago

  • Assignee deleted (bertagaz)
  • QA Check changed from Ready for QA to Pass

Ran the features that use the Tor Browser, and they all passed.

Manually tested the Tor Browser, with different TMPDIR settings, and it works as expected.

Merged, thanks!

#11 Updated by intrigeri about 4 years ago

  • Parent task changed from #9534 to #9756

#12 Updated by BitingBird about 4 years ago

  • Status changed from Fix committed to Resolved

#13 Updated by intrigeri about 4 years ago

  • Related to Bug #10141: Document how to workaround the fact that the TBB 'Print preview' is blank added
