Sandboxed Tor Browser: FireJail vs BubbleWrap for TB Some questions

Hello, Sandboxed Tor Browser was a great project that was closed. I think they should integrate an official sandbox, and it was even discussed on the tor dev mailing lists, but that was it, no more info.

Since TBB 8 was broken in the Sandboxed Tor Browser, I made a fork and by disabling seccomp I made it work, and it’s still working. Check my GitHub.
I updated some things to keep it working too.

A little sandbox like this, using BubbleWrap, is always safer than not using anything.

Now, I see in the latest Whonix 15 release there is no sandbox/apparmor/firejail for Tor Browser, I think you are working on this, is that right?

Now, Sandboxed using BubbleWrap (BWrap) is making some kind of network isolation like Whonix: one container for TB and one for Tor and TB can only exit to the network connecting to the Tor container.
The question I have is: Can we build something like that with Firejail? I know Firejail profiles are sandboxes/containers and you can deny access to the network, but can you tell Firejail to only allow connections to a Tor process running inside another Firejail sandbox and deny any other network?

BTW, BubbleWrap is not installed by default on Whonix.

AppArmor profiles can be gotten by installing apparmor-profiles-hardened-debian. See AppArmor. Currently, there is no sandboxing program.

This can probably be done via messing with network namespaces.

You can configure Firejail to only allow traffic out of a certain network interface by using net (interface).

In theory, you can create a network namespace using ip netns, create a veth link, run the Tor process in a firejail sandbox inside the network namespace and configure firejail to only allow traffic to go through the veth link for the browser part.

Probably something similar to orjail.

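One way to lay out the namespace-and-veth arrangement described in the post above, as an added example that is not from the thread or from any project mentioned in it. It assumes the browser sits inside the namespace and Tor runs outside it with `SocksPort 10.200.1.1:9050` in its torrc; the namespace name, interface names, addresses and firewall rules are all constructed for illustration.

```shell
#!/bin/sh
# Added example; names, addresses and layout are assumptions, not from the thread.
# Browser side: netns "tbjail" holding one end of a veth pair and no default route.
# Tor side: runs outside the namespace with "SocksPort 10.200.1.1:9050" in torrc.
NS=tbjail
HOST_IF=veth-host
JAIL_IF=veth-tb
HOST_IP=10.200.1.1
JAIL_IP=10.200.1.2
JAIL_NET=10.200.1.0/30
SOCKS_PORT=9050

# Print the setup commands one per line so they can be reviewed before running.
# No route is added inside the namespace, so only the /30 peer is reachable;
# the host firewall then narrows that peer down to the SOCKS port alone.
netns_plan() {
    cat <<EOF
ip netns add $NS
ip link add $HOST_IF type veth peer name $JAIL_IF
ip link set $JAIL_IF netns $NS
ip addr add $HOST_IP/30 dev $HOST_IF
ip link set $HOST_IF up
ip netns exec $NS ip addr add $JAIL_IP/30 dev $JAIL_IF
ip netns exec $NS ip link set $JAIL_IF up
ip netns exec $NS ip link set lo up
iptables -A INPUT -i $HOST_IF -p tcp -d $HOST_IP --dport $SOCKS_PORT -j ACCEPT
iptables -A INPUT -i $HOST_IF -j DROP
iptables -A FORWARD -i $HOST_IF -j DROP
ip6tables -A INPUT -i $HOST_IF -j DROP
ip6tables -A FORWARD -i $HOST_IF -j DROP
EOF
}

# Reads `ip -n tbjail route show` output on stdin. Succeeds only if every route
# is the connected /30 on the veth: no default route, no second interface.
routes_confined() {
    awk -v net="$JAIL_NET" -v ifc="$JAIL_IF" '
        NF == 0 { next }
        $1 != net || $3 != ifc { bad = 1 }
        END { exit bad + 0 }'
}

case "${1:-}" in
    apply) netns_plan | sh -e ;;    # must be run as root
    check) ip -n "$NS" route show | routes_confined && echo "confined to $JAIL_IF" ;;
esac
# Afterwards the browser is started with: firejail --netns=tbjail <browser command>
```

The rules are appended to the existing chains, so an earlier ACCEPT rule on the host would still take precedence and should be checked for before relying on this.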

Firefox now includes native sandboxing as part of its E10 project. Using something like Firejail has implications for fingerprinting.

Firefox’s native sandboxing is pretty weak. Especially when compared to something like Chromium’s.

cypherbits via Whonix Forum:

Now, I see in the latest Whonix 15 release there is no sandbox/apparmor/firejail for Tor Browser, I think you are working on this, is that right?

No. Reason: lack of resources

https://forums.whonix.org/t/looking-for-firejail-seccomp-maintainer-for-better-security/2211

Now, Sandboxed using BubbleWrap (BWrap) is making some kind of network isolation like Whonix: one container for TB and one for Tor and TB can only exit to the network connecting to the Tor container.
The question I have is: Can we build something like that with Firejail? I know Firejail profiles are sandboxes/containers and you can deny access to the network, but can you tell Firejail to only allow connections to a Tor process running inside another Firejail sandbox and deny any other network?

Note, no Tor is running in Whonix-Workstation.


Yeah sure, if you can call that a sandbox… then why Whonix exists? xDD I’m talking about a container-based sandbox where the Browser cannot escape or reach the network if a 0day vuln is exploited.

@Patrick maybe I could join the development team in some months and help the Whonix project, I will see if I have time to do it.


Ping?