Author: intrigeri Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] Tor Launcher automation meeting
Hi,
sajolida: > tails-dev: Part of my mission was to ask two more technical questions
> but apparently it's too early to answer both of them with certainty: > 18:47:50: #1: What kind of network connections will Tor Launcher
> initiate *itself* (as opposed to asking little-t-tor to)? None? > The answer is unclear but Tor Launcher will probably initiate some
> network activity of its own, for example to start meek-client to talk to
> bridgedb.
OK, this is very good to know: it can prevent us from wasting time on
developments that would be incompatible with this upcoming feature.
That's a bit sad for upstream Tor Browser (as long as Tor Launcher is
part of the Firefox process, this will make it impossible to sandbox
Tor Browser in a way that it can't initiate network communication
without going through little-t-tor).
As far as Tails is concerned:
* At the moment we run Tor Launcher as a dedicated user (so we're not
affected by that sandboxing limitation); now, we have plans to
change that (#9051), which would be very problematic once Tor
Launcher needs to initiate network activity of its own. Added this
note to that ticket.
* We don't sandbox Firefox processes this much anyway: the benefit
would be very limited considering we also have our firewall as an
additional layer of protection that will prevent Tor Browser to
bypass Tor.
> 18:58:56: #3: Any news on the possible language and coding dependencies
> for this new Tor Launcher? How easy is it going to be to reuse it in
> Tails? :) > The answer is unclear as well but mcs says that they will likely not
> have enough time to create a completely new Tor Launcher.
So on the short term, nothing changes for us, but the future is
uncertain apparently. I do hope Tor Launcher becomes an external
process in light of the improved sandboxing it'll allow (outside of
Tails).
> Hope it's useful :)