|
|
= About =
|
|
|
# About
|
|
|
AppArmor Profile for TBB.
|
|
|
|
|
|
AppArmor is a Linux MAC. It is enabled by default in Ubuntu.
|
|
|
|
|
|
= Discussion =
|
|
|
# Discussion
|
|
|
The primary goal of confining TBB is to prevent an exploit in Firefox to leak the IP address. Is this even possible?
|
|
|
|
|
|
Do we need something like http://rudy.mif.pg.gda.pl/~bogdro/soft/#lhip ?
|
... | ... | @@ -11,19 +11,19 @@ Do we need something like http://rudy.mif.pg.gda.pl/~bogdro/soft/#lhip ? |
|
|
Even without that, AppArmor still is useful. For example you can easily protect files in your home folder and prevent persistent exploitation.
|
|
|
|
|
|
|
|
|
= Prior Work =
|
|
|
# Prior Work
|
|
|
|
|
|
* http://permalink.gmane.org/gmane.network.tor.user/22024
|
|
|
* http://pastebin.com/La6C8tZJ Profile for TBB (Firefox, Vidalia, tor)
|
|
|
* http://pastebin.com/0Ycn4Bgy Profile for Pidgin
|
|
|
|
|
|
= Preparation =
|
|
|
# Preparation
|
|
|
|
|
|
Source: https://help.ubuntu.com/community/AppArmor#Creating_a_new_profile
|
|
|
|
|
|
sudo apt-get install apparmor-utils
|
|
|
|
|
|
= Create Profiles =
|
|
|
# Create Profiles
|
|
|
sudo aa-genprof tor-browser_en-US/App/vidalia
|
|
|
|
|
|
sudo aa-genprof tor-browser_en-US/App/tor
|
... | ... | @@ -34,12 +34,12 @@ Profiles are stored in: |
|
|
|
|
|
/etc/apparmor.d/
|
|
|
|
|
|
= pastebin backup =
|
|
|
(adrelanos) Before it gets purged from pastebin someday, I made a backup on github, but don't plan development: [[BR]]
|
|
|
# pastebin backup
|
|
|
(adrelanos) Before it gets purged from pastebin someday, I made a backup on github, but don't plan development:
|
|
|
|
|
|
https://github.com/adrelanos/Inoffical-TBB-AppArmor
|
|
|
|
|
|
{{{
|
|
|
#!html
|
|
|
```
|
|
|
<a href="https://github.com/adrelanos/Inoffical-TBB-AppArmor"><img style="position: absolute; top: 0; right: 0; border: 0;" src="https://s3.amazonaws.com/github/ribbons/forkme_right_red_aa0000.png" alt="Fork me on GitHub"></a>
|
|
|
}}}
|
|
|
```
|
|
|
|