"tb_hardening=true" enables what functions?

Greetings everyone,

Forgive me if this is documented somewhere that I missed but I did try a search. Exactly what functions start with the Tor Browser Hardening command “tb_hardening=true”? I believe it enables “hardened malloc”, but does it also auto start firejail? Thanks for any insight.

Hi ThatNewDude

Setting tb_hardened=true enables both hardened malloc and Firejail for Tor Browser. Keep in mind that Tor Browser hardening (tb_hardened=true) has not landed in the stable repository yet. So there will be no benefit unless your using the testers repository.

https://whonix.org/wiki/Whonix-Workstation_Security#Firejail

2 Likes

Thanks for the help. I did go to the /wiki/Hardened_Malloc page and do the install. It did not mention the testers repository by name, but mentioned “Whonix and [Kicksecure ] APT repository”. I couldn’t see any notification whether Firejail was running when I started the Tor Browser after that install. That led to my post. Just wondering whether I did it correctly. Thanks again!

Firejail and hardend malloc are separate packages. The testers repository only applies to Tor Browser “tb_hardened=true”. Don’t try to enable the testers repository for normal use. Its only for testers at this point.

You can follow the documentation to install hardened malloc and Firejail separately. Follow the links I provided to install those packages from the stable repository. All information you’ll need can be found on those wiki pages.

You can also search the Whonix forum for more information to enable Firejail for Tor Browser.

Related:

2 Likes

Btw Hardened Malloc for Tor Browser does mostly not work and will be removed from automatically adding to Tor Browser even when using hardening option soon.

As discussed in the following post and subsequent posts:

2 Likes

Makes sense since it would need upsream compilation for it to work.

1 Like
1 Like