![]() Open terminal and change ownership of root: chown -hR root tor-browseren-US/ Open browser by. The alternative is to use a hypervisor and run entirely distinct operating systems to achieve the same effects at slightly more cost for more clean and distinct isolation, as per Qubes OS or Whonix. Open start-tor-browser in nano, leafpad, gedit etc and comment the function as below : if id -u -eq 0 then complain The Tor Browser Bundle should not be run as root. This is how Subgraph approaches the problem. This would stop Tor Browser from being able to read your keystrokes to other windows or inserting its own keystrokes into other X windows. You could also consider, along with these steps, using something like Xephyr or xpra to create a sandboxed X environment within your normal X environment. Create a new network namespace so the process only sees the local loopback device, create a read-only filesystem and mount a tmpfs with your copy of tor browser copied into it, use seccomp sandboxing (at least blacklisting if not whitelisting) to reduce the damage an exploit might do and any privilege escalation or lateral movement it might perform. You might consider using some of the modern sandboxing mechanisms built into the linux kernel. If you want to create a tails-like setup where a packet filter enforces tor-only traffic, then you should instead run tor as a system daemon under a low privileged user and allow it and only it to send traffic out to the internet, then configure your Tor Browser running as your user to connect to the system daemon. Restricting tor " tor_browser" user ports 80 and 443 only restricts the selection of guards that the tor instance running as " tor_browser" can make. 2 Answers Sorted by: 1 Did you start the X window system before running the browser The error message sounds as if you are trying to open the browser from the command line without any graphical desktop interface running. 9150 is the SOCKS where connections to arbitrary ends-points can be negotiated. You said "for example the "tor_browser" has only the right to use the http and https ports". Running Tor Browser as another user inside of the same X environment means the Tor Browser, regardless of an UID it is run under, can influence anything you can through your desktop, as an example see mjg59'sĬircumventing Ubuntu Snap confinement. Your privilege seperation is security theatre. ![]() ![]() I guess I'll try to formulate a full answer to this.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |