Tor Browser in a Firejail X11 Sandbox by default


It seems that Firejail is going to be installed by default in Whonix 15 so this seems like it’d be a good idea.

Any Xorg window has access to any other Xorg window. This makes it easier for things like keyloggers or screenshot programs that can even record the root password. [1]

Firejail has a way to sandbox these windows with an external X11 server so one window doesn’t have access to another window. It seems that there is only support for Xpra and Xephyr. I prefer Xephyr over Xpra.

Would it be good for Whonix to sandbox the Tor Browser or other programs in an X11 sandbox by default?

There is a guide on X11 sandboxing here

  1. https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html

A quote from @Patrick in another thread:

Though I think the implications are worth researching and asking The Tor Project about if you don’t mind posting on theirTor Browser mailing list.


Worth investing time into X11?
Wayland more suitable?
On the downside XFCE doesn’t support wayland yet.

As for firejail that’s not doable since we don’t have a firejail maintainer, see:

1 Like

Wayland would be much more suitable than X11 but right now X11 is the only choice unless Whonix uses something else as the default DE.

I’ll research into if there are any fingerprinting issues with firejail.

I would volunteer to maintain firejail but I don’t have any experience with that.

1 Like

Yes. It’s going to be a looong time before the wayland problems are ironed out and the protocol gains the needed extension and then have the necessary libs baked in to XFCE:

When Wayland comes along I don’t believe GUI isolation needs to be explicitly handled by firejail since it is all done properly by the compositor?