Kicksecure / apparmor-profile-torbrowser

AppArmor profile for The Tor Browser Bundle (TBB) - https://www.whonix.org/wiki/AppArmor - for better security (hardening).
https://www.whonix.org/wiki/Impressum

Potential side channel #13

Open nobody43 opened 1 year ago

nobody43 commented 1 year ago

https://github.com/Kicksecure/apparmor-profile-torbrowser/blob/f70f61ed101002f72fa33ff0c746a492c6887ce6/etc/apparmor.d/home.tor-browser.firefox#L101 This rule brings a potential side channel (W^X violation).

I recommend granularizing it to, at least, the firefox{.real,}, tor and updater profiles.

And why does it need to read the home folder? There might be passwords.
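
One way to audit a profile for the kind of rule the comment above describes (a single file rule granting both write and execute or mmap-exec on the same path), as an added example that is not part of the original thread or the project's code. The sample rules are constructed, not taken from the profile under discussion, and the function names are hypothetical.

```python
import re

# Rule qualifiers that may precede a file rule; "deny" is handled separately.
QUALIFIERS = {"audit", "allow", "owner", "file"}
# Characters used by AppArmor file permissions and exec transition modes.
PERMS = re.compile(r"^[rwalkmixpPcCuU]+$")
PATH_START = ("/", "@{", '"')

def parse_file_rule(line):
    """Return (path, perms) for an allow-type file rule, else None.
    Simplification: quoted paths containing spaces are not handled."""
    line = line.split("#", 1)[0].strip()      # drop comments and #include lines
    if not line.endswith(","):                # rules end with a comma
        return None
    tokens = line[:-1].split("->")[0].split() # ignore any exec target
    if "deny" in tokens:                      # deny rules remove access
        return None
    tokens = [t for t in tokens if t not in QUALIFIERS]
    if len(tokens) != 2:
        return None
    a, b = tokens
    if a.startswith(PATH_START) and PERMS.match(b):   # "path perms," form
        return a, b
    if b.startswith(PATH_START) and PERMS.match(a):   # "perms path," form
        return b, a
    return None

def wx_violations(profile_text):
    """List (lineno, path, perms) for rules that grant write AND execute.
    Only single rules are checked; overlapping globs split across two
    rules (one writable, one executable) need a separate comparison."""
    hits = []
    for n, line in enumerate(profile_text.splitlines(), 1):
        rule = parse_file_rule(line)
        if rule is None:
            continue
        path, perms = rule
        writable = "w" in perms or "a" in perms
        executable = "x" in perms or "m" in perms  # every exec mode has 'x'
        if writable and executable:
            hits.append((n, path, perms))
    return hits

# Constructed sample profile text (assumption, for illustration only).
SAMPLE = """# constructed sample
profile example /usr/bin/example {
  include <abstractions/base>
  owner @{HOME}/.example/** rwmix,
  owner @{HOME}/.example/cache/** rwk,
  /usr/lib/example/*.so mr,
  deny @{HOME}/.ssh/** rwx,
  rwix /tmp/example-*/**,
}
"""

if __name__ == "__main__":
    for lineno, path, perms in wx_violations(SAMPLE):
        print(f"line {lineno}: {path} grants {perms}")
```
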

nobody43 commented 1 year ago

Also, abstractions/user-download is freaking huge.

adrelanos commented 1 year ago

Also, abstractions/user-download is freaking huge.