On Mon, Jul 16, 2018 at 01:32:19AM +0000, Matthew Finkel wrote:
Hi Everyone,
We'll discuss this at a meeting next Tuesday, 24 July at 15:00 UTC in #tor-meeting on OFTC.
Reminder!
There was some discussion on the tbb-dev@ mailing list, but this meeting will cover the details, implementation plan, roadmap, timeline, etc. (maybe we won't have enough time for all of these topics).
Please feel free to join the channel and watch and/or contribute productively. There will be logs available after the meeting, as well.
https://lists.torproject.org/pipermail/tbb-dev/2018-July/000874.html
We'll be discussing the available platform-specific features, some are described (to some extent) in the above thread. Another option that wasn't included was Docker-on-each-OS - at this point, Docker is supported on some versions of Windows, Mac OS X and Linux. However, this doesn't include all OS versions supported by Tor Browser, so we must choose our sandboxing techniques carefully.
I believe we can use/abuse many of the same features used by Docker on these systems when they are available, but we'll need a safe fallback option when they aren't available (while still providing as much protection as we can).
As Tom mentioned in his response on the tbb-dev@ thread, the Windows container features are only available on Windows 10 Professional and Enterprise editions - so we can't rely on them right now. The API is completely undocumented, but we have reference implementations. Containers on Mac OS X are provided through an OS-provided hypervisor layer. This may be an interesting avenue we can explore[0]. On Linux, Sandboxed Tor Browser remains a good example of what we can accomplish.
[0] https://github.com/mist64/xhyve
Thanks, Matt