-
- Downloads
Bug 22648: Prevent the "easy" to fix X11 related sandbox escapes.
Per Jann Horn of Google Project Zero, there's a few trivial ways to do horrific things via the X11 socket, because of the X protocol. This hopefully closes some of them off by imposing a whitelist on X11 protocol extensions. Note that it is likely that Firefox can still do horrific things via X11, so this will need to be improved over time, but, as the README.md says: There are several unresolved issues that affect security and fingerprinting. Do not assume that this is perfect, merely "an improvement over nothing".
Showing
- ChangeLog 1 addition, 0 deletionsChangeLog
- src/cmd/sandboxed-tor-browser/internal/sandbox/application.go 37 additions, 5 deletions...cmd/sandboxed-tor-browser/internal/sandbox/application.go
- src/cmd/sandboxed-tor-browser/internal/sandbox/process/process.go 19 additions, 2 deletions...sandboxed-tor-browser/internal/sandbox/process/process.go
- src/cmd/sandboxed-tor-browser/internal/sandbox/x11/surrogate.go 713 additions, 0 deletions...d/sandboxed-tor-browser/internal/sandbox/x11/surrogate.go
- src/cmd/sandboxed-tor-browser/internal/sandbox/x11/x11.go 70 additions, 19 deletionssrc/cmd/sandboxed-tor-browser/internal/sandbox/x11/x11.go
Loading
Please register or sign in to comment