Skip to content
GitLab
Explore
Sign in
This is an archived project. Repository and other project resources are read-only.
Legacy
Trac
Wiki
Doc
AppArmorForTBB
AppArmorForTBB
· Changes
Page history
Raw import from Trac using Trac markup language.
authored
Jun 15, 2020
by
Alexander Færøy
Hide whitespace changes
Inline
Side-by-side
doc/AppArmorForTBB.md
0 → 100644
View page @
53a16e3a
= About =
AppArmor Profile for TBB.
AppArmor is a Linux MAC. It is enabled by default in Ubuntu.
= Discussion =
The primary goal of confining TBB is to prevent an exploit in Firefox to leak the IP address. Is this even possible?
Do we need something like http://rudy.mif.pg.gda.pl/~bogdro/soft/#lhip ?
Even without that, AppArmor still is useful. For example you can easily protect files in your home folder and prevent persistent exploitation.
= Prior Work =
*
http://permalink.gmane.org/gmane.network.tor.user/22024
*
http://pastebin.com/La6C8tZJ Profile for TBB (Firefox, Vidalia, tor)
*
http://pastebin.com/0Ycn4Bgy Profile for Pidgin
= Preparation =
Source: https://help.ubuntu.com/community/AppArmor#Creating_a_new_profile
sudo apt-get install apparmor-utils
= Create Profiles =
sudo aa-genprof tor-browser_en-US/App/vidalia
sudo aa-genprof tor-browser_en-US/App/tor
sudo aa-genprof tor-browser_en-US/App/Firefox/firefox
Profiles are stored in:
/etc/apparmor.d/
= pastebin backup =
(adrelanos) Before it gets purged from pastebin someday, I made a backup on github, but don't plan development: [[BR]]
https://github.com/adrelanos/Inoffical-TBB-AppArmor
{{{
#!html
<a
href=
"https://github.com/adrelanos/Inoffical-TBB-AppArmor"
><img
style=
"position: absolute; top: 0; right: 0; border: 0;"
src=
"https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png"
alt=
"Fork me on GitHub"
></a>
}}}