Hi everyone!
I know we have a few people on this list who use OSX 10.9 and also that many of you have been very helpful with testing lately. If you're bored with just running my fantastic bundles, this could be a new fun project for you to test. Andreas has made some sandbox profiles for OSX 10.9 + TBB 3.0 and it would be great if he could get some feedback on them. It doesn't need to be anything complex -- just "this makes my TBB behave funny in ways I don't understand" would be meaningful for a start.
For anyone not yet on 10.9, I believe he will be working to extend the sandboxes to other versions soon.
I'd really appreciate it if you could help him out! Feel free to follow up on list with questions or comments.
Erinn
----- Forwarded message from Andreas Jonsson andreas@romab.com -----
Date: Sat, 16 Nov 2013 19:53:13 +0100 From: Andreas Jonsson andreas@romab.com To: tor-talk@lists.torproject.org Subject: [tor-talk] OSX sandbox available for tbb3 (10.9 only)
Hi list,
There is now an initial sandboxed tbb3 ready for testing. Currently, only OSX 10.9 is supported, but making it work all the way down to 10.6 is not unlikely.
Downloads and uploads: only from your downloads-directory
Stuff not working in this release: Flash
You can get the release here: https://github.com/trams242/tor-browser-bundle
The specific 'release' so to speak is available here: https://github.com/trams242/tor-browser-bundle/releases
To use the release you will need to have TBB3 somewhere, i tested with TorBrowserBundle-3.0-beta-1-osx32_en-US.zip. Will probably not work with older releases.
/andreas
On 2013-11-18 19:57, Erinn Clark wrote:
Hi everyone!
I know we have a few people on this list who use OSX 10.9 and also that many of you have been very helpful with testing lately. If you're bored with just running my fantastic bundles, this could be a new fun project for you to test. Andreas has made some sandbox profiles for OSX 10.9 + TBB 3.0 and it would be great if he could get some feedback on them. It doesn't need to be anything complex -- just "this makes my TBB behave funny in ways I don't understand" would be meaningful for a start.
For anyone not yet on 10.9, I believe he will be working to extend the sandboxes to other versions soon.
I'd really appreciate it if you could help him out! Feel free to follow up on list with questions or comments.
Erinn
Hi list.
As I do not really know what your acceptable tradeoff levels are for security vs convenience, I would really appreciate the feedback.
I would also like to add that it is OK to also complain about workflow things breaking. Please also rate how important this is for you, if you feel ok to do so :-)
Examples: Tbb do not longer allow drag-and-drop Tbb do not allow me view previews of files in the "open file"-dialog Tbb only allows me to save and upload files, but i want it to also handle my external drive/thumb drive.
Be aware of that the sandbox is in debug mode, so it logs a bit more than it will once it is done.
Very hard to troubleshoot why it isnt working properly unless it is in debug mode :) (log file is /var/log/system.log), should anyone be curious. If this is problematic/show stopper/undesirable, i will create a new release with no debug.
BR andreas
* Andreas Jonsson andreas@romab.com [2013:11:18 20:33 +0100]:
Very hard to troubleshoot why it isnt working properly unless it is in debug mode :) (log file is /var/log/system.log), should anyone be curious. If this is problematic/show stopper/undesirable, i will create a new release with no debug.
Feature request: make the debug output write to its own log that is not a system.log. Something like writing to the top level directory of TBB as tbb-sandbox-debug.log would be better.
I can file it as a github issue if you like.
On 2013-11-18 20:56, Erinn Clark wrote:
- Andreas Jonsson andreas@romab.com [2013:11:18 20:33 +0100]:
Very hard to troubleshoot why it isnt working properly unless it is in debug mode :) (log file is /var/log/system.log), should anyone be curious. If this is problematic/show stopper/undesirable, i will create a new release with no debug.
Feature request: make the debug output write to its own log that is not a system.log. Something like writing to the top level directory of TBB as tbb-sandbox-debug.log would be better.
I can file it as a github issue if you like.
Hi, Would comply if it was possible. It is not under my control however. If it makes people easier of mind, this is what log file looks like:
Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/org.mozilla.torbrowser.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/ByHost/.GlobalPreferences.B101F099-F648-519F-AB1B-DC931056B734.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/.GlobalPreferences.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Library/Preferences/.GlobalPreferences.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/com.apple.LaunchServices.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/com.apple.ATS.plist Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /private/var/folders/f7/27l6xbks2yx_qml_r37vqzbr0000gn Nov 18 20:58:20 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-data /Users/andreas/Library/Preferences/com.apple.HIToolbox.plist Nov 18 20:58:24 stiletto kernel[0]: Sandbox: firefox(12880) deny mach-lookup com.apple.ls.boxd Nov 18 20:58:24 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Users/andreas/Library/Internet Plug-Ins/WebEx64.plugin Nov 18 20:58:24 --- last message repeated 4 times --- Nov 18 20:58:24 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Library/Internet Plug-Ins/Default Browser.plugin Nov 18 20:58:24 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Library/Internet Plug-Ins/flashplayer.xpt Nov 18 20:58:24 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Library/Internet Plug-Ins/JavaAppletPlugin.pluginNov 18 20:59:55 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /.vol Nov 18 20:59:55 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Users/andreas/Documents Nov 18 20:59:55 --- last message repeated 3 times --- Nov 18 20:59:55 stiletto kernel[0]: Sandbox: firefox(12880) deny file-read-metadata /Users/andreas/Desktop/untitled folder/slask
This log files more or less explodes when opening files etc.
Perhaps the log file should be default to off, and enabled for those willing to help debugging. It will not completely remove info from this log however, should the sandbox trigger exceptions in underlying libraries.
Example:
Nov 18 20:58:20 stiletto.u88.romab.com appleeventsd[76]: rdar://problem/11489077 A sandboxed application with pid 12880, "TorBrowser" checked in with appleeventsd, but its code signature could not be validated ( either because it was corrupt, or could not be read by appleeventsd ) and so it cannot receive AppleEvents targeted by name, bundle id, or signature. Error=ERROR: #100013 { "NSDescription"="SecCodeCopyGuestWithAttributes() returned 100013, -." } (handleMessage()/appleEventsD.cp #2072) client-reqs-q
/andreas
On 2013-11-18 21:04, Andreas Jonsson wrote:
On 2013-11-18 20:56, Erinn Clark wrote:
- Andreas Jonsson andreas@romab.com [2013:11:18 20:33 +0100]:
Very hard to troubleshoot why it isnt working properly unless it is in debug mode :) (log file is /var/log/system.log), should anyone be curious. If this is problematic/show stopper/undesirable, i will create a new release with no debug.
Feature request: make the debug output write to its own log that is not a system.log. Something like writing to the top level directory of TBB as tbb-sandbox-debug.log would be better.
I can file it as a github issue if you like.
Ok, new release with as little logging as possible. should be present here: https://github.com/trams242/tor-browser-bundle/releases/tag/0.2
also fixes icons in open-file dialog.
/a
* Andreas Jonsson andreas@romab.com [2013:11:18 21:44 +0100]:
Ok, new release with as little logging as possible. should be present here: https://github.com/trams242/tor-browser-bundle/releases/tag/0.2
also fixes icons in open-file dialog.
Hm, I don't think it should have less logging. I didn't realize OSX sandboxing prevented you from putting the debug log elsewhere. But I think it should have plenty verbose logging, especially while people are trying to test it, so I would propose to undo that change.
Erinn Clark erinn@torproject.org wrote Mon, 18 Nov 2013 18:51:04 -0200:
| * Andreas Jonsson andreas@romab.com [2013:11:18 21:44 +0100]: | > Ok, new release with as little logging as possible. should be present here: | > https://github.com/trams242/tor-browser-bundle/releases/tag/0.2%3E | > also fixes icons in open-file dialog. | | Hm, I don't think it should have less logging. I didn't realize OSX sandboxing | prevented you from putting the debug log elsewhere. But I think it should have | plenty verbose logging, especially while people are trying to test it, so I | would propose to undo that change.
Hi,
If I can just chip in with a small euro 0.02, without ever have seen this wonderful piece of software, I'd add a vote for building things with all kind of logging turned off by default and an option for enabling it by those who need to debug things.
Rationale is that it should be easy enough for QA people to enable logging before testing while the cost of any of the "debug builds" finding its way to somebody who depend on anonymity could be catastrophically high.
Thanks, Linus
Hi,
If I can just chip in with a small euro 0.02, without ever have seen this wonderful piece of software, I'd add a vote for building things with all kind of logging turned off by default and an option for enabling it by those who need to debug things.
Rationale is that it should be easy enough for QA people to enable logging before testing while the cost of any of the "debug builds" finding its way to somebody who depend on anonymity could be catastrophically high.
Thanks, Linus
Hi, With 0.2 and onwards logging is default disabled. The logs do not reveal what the user does, but it does reveal how often they use tor.
That being said, there are still places where TBB leaves traces. Not sure if this is still a goal to make it self contained.
/andreas
-
Andreas Jonsson -
Erinn Clark -
Linus Nordberg