├── .github
    └── stale.yml
├── LICENSE
├── README.md
├── screenshot.png
├── torbrowser.profile
└── torbrowser.sh

/.github/stale.yml:
--------------------------------------------------------------------------------
# Number of days of inactivity before an issue becomes stale
daysUntilStale: 60
# Number of days of inactivity before a stale issue is closed
daysUntilClose: 7
# Issues with these labels will never be considered stale
exemptLabels:
  - pinned
  - security
# Label to use when marking an issue as stale
staleLabel: stale
# Comment to post when marking an issue as stale. Set to `false` to disable
markComment: >
  This issue has been automatically marked as stale because it has not had
  recent activity. It will be closed if no further activity occurs. Thank you
  for your contributions.
# Comment to post when closing a stale issue. Set to `false` to disable
closeComment: false
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2016 B.Walden

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
[![License](http://img.shields.io/:license-mit-blue.svg?style=flat)](http://badges.mit-license.org)

# torjail

Sandbox torbrowser using firejail, Xephyr & dwm

This script downloads & sets up torbrowser in a private directory.

It then runs torbrowser in a sandbox using firejail, Xephyr and dwm

    firejail      https://firejail.wordpress.com/
    xephyr        https://wiki.freedesktop.org/www/Software/Xephyr/
    dwm           http://dwm.suckless.org/
    torbrowser    https://www.torproject.org/projects/torbrowser.html.en

The default directory for install is ~/.torjail

You can install the script wherever you want providing you keep the associated files.

use `-x` to disable Xephyr + dwm

**License:** MIT

## why?

A few references to why you should use a sandbox & xephyr

torproject:

    Wait, Firefox uses X11, isn't security basically hopeless?

    If you want to attempt to mitigate this, the best options are:

    Use a nested X11 implementation like Xephyr or Xpra.

mozilla:

    The one exception to the network policy, for now,
    is the X11 protocol which is used to display graphics and receive keyboard/mouse input.

## screenshot

![](https://raw.githubusercontent.com/equk/torjail/master/screenshot.png)

## variables

    TORJAIL_BASE="${HOME}/.torjail"
    TORJAIL_RES="800x600"
    TORJAIL_DISPLAY=":6"

Most useful variable is probably resolution & possibly display (depending on how many other xephyr sessions you run)

## features

- [x] downloads torbrowser from torproject.org
- [x] sets up a working env in tmpfs
- [x] runs tor in a sandbox
- [x] runs in /tmp/ so any changes are not saved
- [x] runs in its own xephyr dwm session
- [x] has sha256 verification
- [x] works on 32bit & 64bit linux
- [x] stores everything in ~/.torjail
- [x] version checking & updating
- [x] gpg verification of downloads

## removal

Remove this script & ~/.torjail

## script running

    ./torbrowser.sh
    [ OK ] starting torbrowser script
    [ OK ] torbrowser version 5.0.6 found
    [ ERROR ] Unable to find torjail home
    [ ERROR ] Would you like to download & setup torbrowser [y/n]
    y
    [ OK ] setting up torjail
    [ OK ] creating torjail base folder at ~/.torjail
    gpg: error reading key: No public key
    [ OK ] Downloading PGP Public Key...
    gpg: key 93298290: public key "Tor Browser Developers (signing key) " imported
    gpg: no ultimately trusted keys found
    gpg: Total number processed: 1
    gpg: imported: 1
    pub rsa4096/93298290 2014-12-15 [expires: 2020-08-24]
    Key fingerprint = EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
    uid [ unknown] Tor Browser Developers (signing key)
    sub rsa4096/F65C2036 2014-12-15 [expires: 2017-08-25]
    sub rsa4096/D40814E0 2014-12-15 [expires: 2017-08-25]

    [ OK ] downloading checksums - sha256sums.txt
    ######################################################################## 100.0%
    [ OK ] downloading GPG asc - tor-browser-linux64-5.0.6_en-US.tar.xz.asc
    ######################################################################## 100.0%
    [ OK ] verifying files
    tor-browser-linux64-5.0.6_en-US.tar.xz: OK
    [ OK ] verifying gpg key
    gpg: Signature made Thu 17 Dec 2015 20:57:01 GMT using RSA key ID D40814E0
    gpg: Good signature from "Tor Browser Developers (signing key) " [unknown]
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
    Subkey fingerprint: BA1E E421 BBB4 5263 180E 1FC7 2E1A C68E D408 14E0
    [ OK ] extracting torbrowser bundle
    [ WARN ] dwm does not exist in priv-home
    [ WARN ] copying dwm from /usr/bin/dwm
    [ OK ] starting session

on update

    [ OK ] starting torbrowser script
    [ OK ] torbrowser version 7.5.6 found
    [ WARN ] torbrowser requires updating
    [ WARN ] current ver: 7.5.6
    [ WARN ] updating to: 8.0
    [ OK ] creating torjail base folder at ~/.torjail

## notes

Once you download torbrowser bundle the file is kept in ~/.torjail for future use so you don't have to
keep re-downloading the bundle.
It also always checks the sha256sum of the file before extraction.

Mozilla References

[Security/Sandbox - Mozilla Wiki](https://wiki.mozilla.org/Security/Sandbox)

[Garf's blog: Linux sandboxing improvements in Firefox 60](https://www.morbo.org/2018/05/linux-sandboxing-improvements-in_10.html)
--------------------------------------------------------------------------------
/screenshot.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/equk/torjail/e7d0dfc6ad713a27affc084be5b9b43f60efce0a/screenshot.png
--------------------------------------------------------------------------------
/torbrowser.profile:
--------------------------------------------------------------------------------
# Firejail profile

# Profile For Custom tor-browser-en
# Sandbox also enables seccomp

# includes
include /etc/firejail/disable-programs.inc
include /etc/firejail/disable-common.inc
include /etc/firejail/disable-devel.inc
include /etc/firejail/disable-interpreters.inc

include /etc/firejail/whitelist-common.inc
include /etc/firejail/whitelist-var-common.inc
include /etc/firejail/whitelist-runuser-common.inc
include /etc/firejail/whitelist-usr-share-common.inc

caps.drop all
netfilter
nogroups
nonewprivs
noroot
nodvd
nodbus
notv
nou2f
novideo
protocol unix,inet,inet6
seccomp !chroot
#shell none
#tracelog

# blacklist
blacklist /boot
blacklist /mnt
blacklist /root
blacklist /srv

disable-mnt
# extended sandbox for torbrowser
# note: any changes will not be saved
private /tmp/torjail/tor-browser/Browser
private-etc alsa,alternatives,asound.conf,ca-certificates,crypto-policies,fonts,ld.so.cache,ld.so.conf,ld.so.conf.d,ld.so.preload,machine-id,pki,pulse,resolv.conf,ssl
private-dev
private-bin bash,cat,cp,cut,dirname,env,expr,file,gpg,grep,gxmessage,id,kdialog,ln,mkdir,mv,python*,rm,sed,sh,tail,tar,tclsh,test,tor-browser,tor-browser-en,torbrowser-launcher,update-desktop-database,xmessage,xz,zenity
private-tmp

--------------------------------------------------------------------------------
/torbrowser.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#*****************************************************************
#    torjail - equk.co.uk
#*****************************************************************
# This script downloads & sets up torbrowser in a private directory.
# It then runs torbrowser in a sandbox using firejail, Xephyr
# and dwm
#
# firejail      https://firejail.wordpress.com/
# xephyr        https://wiki.freedesktop.org/www/Software/Xephyr/
# dwm           http://dwm.suckless.org/
# torbrowser    https://www.torproject.org/projects/torbrowser.html.en
#
# The defaults install to ~/.torjail
#
# DWM Support
# *** *******
#
# The script executes dwm from within the sandboxed env
# On execution the script checks for dwm & will copy dwm from $PATH
# This allows for a custom compiled dwm to be used
#
# Run Without DWM / Xephyr
# *** ******* *** ******
#
# You can run the script without dwm or xephyr by adding -x
#
#*****************************************************************
# License: MIT (LICENSE file should be included with script)
#*****************************************************************
# Notes: You may want to provide your own custom compiled dwm
#*****************************************************************

# variables
TORJAIL_BASE="${HOME}/.torjail"
TORJAIL_RES="800x600"
TORJAIL_DISPLAY=":6"
#*****************************************************************
# you probably don't need to change anything below this line
#*****************************************************************
TORJAIL="torbrowser"
TORJAIL_XAUTH="/tmp/.Xauthority-$TORJAIL"
TORJAIL_TMP="/tmp/.torxephyr"
TORJAIL_RAM="/tmp/torjail"
TORJAIL_HOME="${TORJAIL_RAM}/tor-browser/Browser"

# download locations
TOR_VER="13.0.8"
TOR_MIRROR="https://dist.torproject.org/torbrowser/${TOR_VER}"
TOR_X64="tor-browser-linux-x86_64-${TOR_VER}.tar.xz"
TOR_32="tor-browser-linux-i686-${TOR_VER}.tar.xz"
TOR_SHA="sha256sums-signed-build.txt"
TOR_GPG="0x4E2C6E8793298290"

# color / colour
blue="\033[1;34m"
green="\033[1;32m"
red="\033[1;31m"
yellow="\033[1;33m"
reset="\033[0m"

# CLI feedback
cl_error="[$red ERROR $reset]"
cl_ok="[$green OK $reset]"
cl_warn="[$yellow WARN $reset]"

# get current path
SCRIPT_PWD=$(pwd)

# check architecture
ARCH=$(getconf LONG_BIT)
if [ "$ARCH" = "64" ]; then
    TOR_DOWNLOAD=$TOR_X64
else
    TOR_DOWNLOAD=$TOR_32
fi
TOR_ASC="${TOR_DOWNLOAD}.asc"

# commandline options ( -x disables xephyr )
while getopts ":x" opt; do
    case $opt in
    x)
        disable_xephyr="1"
        echo -e "$cl_warn disabling Xephyr"
        ;;
    \?)
        echo -e "$cl_error invalid option: -$OPTARG"
        echo -e "$cl_warn valid options: -x (disables Xephyr)"
        exit 1
        ;;
    esac
done

# abort and remove the downloaded files if a verification step failed
check_result() {
    if [ "$1" -ne 0 ]; then
        echo -e "$cl_error checksum or gpg key did not match"
        echo -e "$cl_warn removing files"
        rm "$TOR_DOWNLOAD"
        rm "$TOR_SHA"
        rm sha.tmp
        echo -e "$cl_warn corrupt/invalid files removed - please restart torjail"
        exit 1
    fi
}

update() {
    echo -e "$cl_warn torbrowser requires updating"
    echo -e "$cl_warn current ver: $INSTALLED_VER"
    echo -e "$cl_warn updating to: $TOR_VER"
    rm -rf "$TORJAIL_BASE"
    install
}

install() {
    echo -e "$cl_ok creating torjail base folder at ${TORJAIL_BASE}"
    mkdir -p "$TORJAIL_BASE"
    # stop here if the base folder is unusable, the steps below write and delete files in it
    cd "$TORJAIL_BASE" || exit 1

    gpg --fingerprint "${TOR_GPG}"
    if [ $? -ne 0 ]; then
        echo -e "$cl_ok Downloading PGP Public Key..."
        gpg --keyserver keys.openpgp.org --recv-keys "${TOR_GPG}"
        gpg --fingerprint "${TOR_GPG}"
        if [ $? -ne 0 ]; then
            echo -e "$cl_error Could not download PGP public key for verification"
            exit 1
        fi
    else
        echo -e "$cl_ok signing key for torbrowser found"
        echo -e "$cl_ok Tor Browser Developers (signing key) "
    fi

    if [[ ! -e $TOR_DOWNLOAD ]]; then
        echo -e "$cl_ok downloading torbrowser - ${TOR_DOWNLOAD}"
        curl -OL# "${TOR_MIRROR}/${TOR_DOWNLOAD}"
    fi
    if [[ ! -e $TOR_SHA ]]; then
        echo -e "$cl_ok downloading checksums - ${TOR_SHA}"
        curl -OL# "${TOR_MIRROR}/${TOR_SHA}"
    fi
    if [[ ! -e $TOR_ASC ]]; then
        echo -e "$cl_ok downloading GPG asc - ${TOR_ASC}"
        curl -OL# "${TOR_MIRROR}/${TOR_ASC}"
    fi
    echo -e "$cl_ok verifying files"
    # match the file name literally (-F) so the dots are not treated as regex wildcards
    grep -F -- "$TOR_DOWNLOAD" "$TOR_SHA" >sha.tmp
    shasum -c sha.tmp
    check_result $?

    echo -e "$cl_ok verifying gpg key"
    gpg --verify "$TOR_ASC" "$TOR_DOWNLOAD"
    check_result $?

    rm sha.tmp
    echo -e "$cl_ok extracting torbrowser bundle"
    mkdir -p "$TORJAIL_RAM"
    tar -xJf "$TOR_DOWNLOAD" -C "$TORJAIL_RAM"
    echo "$TOR_VER" >>VER_INSTALLED
}

# Check for root ( quit if root :x )
if [ "$(whoami)" = "root" ]; then
    exit 1
fi

# show cli feedback to show script starting
echo -e "$cl_ok starting torbrowser script"

# check if tmpfs home exists
if [[ -e $TORJAIL_RAM ]]; then
    echo -e "$cl_warn torjail exists in tmpfs"
    echo -e "$cl_ok removing $TORJAIL_RAM"
    rm -r "$TORJAIL_RAM"
fi

# check version installed & update if required
if [[ -e $TORJAIL_BASE/VER_INSTALLED ]]; then
    INSTALLED_VER=$(head -n 1 "$TORJAIL_BASE/VER_INSTALLED")
    echo -e "$cl_ok torbrowser version ${INSTALLED_VER} found"
    if [[ "$INSTALLED_VER" != "$TOR_VER" ]]; then
        update
    fi
else
    install
fi

# make sure we are in script working directory
cd "$SCRIPT_PWD" || exit 1

# check if xephyr instance of torjail already running
if [[ -e $TORJAIL_TMP ]]; then
    echo -e "$cl_error another TORJAIL xephyr instance was detected"
    echo -e "$cl_error would you like to continue? [y/n]"
    read -r answer
    case $answer in
    [Yy]*)
        echo -e "$cl_warn attempting to start session"
        ;;
    [Nn]*)
        echo -e "$cl_error exiting ..."
        exit 1
        ;;
    *)
        echo -e "$cl_error invalid input"
        echo -e "$cl_error exiting ..."
        exit 1
        ;;
    esac
fi

# cleanup xauth if exists
if [[ -e $TORJAIL_XAUTH ]]; then
    rm -- "$TORJAIL_XAUTH"
fi

# create tmp file
if [[ ! -e $TORJAIL_TMP ]]; then
    touch "$TORJAIL_TMP"
fi

# create tmpfs home
if [[ ! -e $TORJAIL_RAM ]]; then
    echo -e "$cl_ok creating $TORJAIL_RAM"
    mkdir -p "$TORJAIL_RAM"
    echo -e "$cl_ok extracting torbrowser bundle"
    tar -xJf "$TORJAIL_BASE/$TOR_DOWNLOAD" -C "$TORJAIL_RAM"
fi

# check if xephyr disable opt passed
if [[ $disable_xephyr != 1 ]]; then
    # check if dwm installed
    if ! [ -x "$(command -v dwm)" ]; then
        echo -e "$cl_error dwm not installed"
        echo -e "$cl_error exiting ..."
        exit 1
    fi
    # copy dwm binary if it doesn't exist
    if [[ ! -e $TORJAIL_HOME/dwm ]]; then
        echo -e "$cl_warn dwm does not exist in priv-home"
        echo -e "$cl_warn copying dwm"
        cp "$(command -v dwm)" "$TORJAIL_HOME/dwm"
    fi
    # setup x vars
    touch "$TORJAIL_XAUTH"
    xauth -f "$TORJAIL_XAUTH" add "$TORJAIL_DISPLAY" . "$(mcookie)"
    # start xephyr
    Xephyr -auth "$TORJAIL_XAUTH" -screen "$TORJAIL_RES" "$TORJAIL_DISPLAY" &
    TORJAIL_PID=$!
    export DISPLAY="$TORJAIL_DISPLAY"
    export XAUTHORITY="$TORJAIL_XAUTH"
    # execute sandboxed dwm env & application
    echo -e "$cl_ok starting session"
    firejail --profile="$TORJAIL.profile" ./dwm &
    firejail --profile="$TORJAIL.profile" "./start-tor-browser"
    # kill Xephyr
    kill "$TORJAIL_PID"
else
    # execute torjail without xephyr
    echo -e "$cl_ok starting session without Xephyr"
    firejail --profile="$TORJAIL.profile" "./start-tor-browser"
fi

# remove tmp file
rm -- "$TORJAIL_TMP"

# cleanup tmpfs
if [[ -e $TORJAIL_RAM ]]; then
    echo -e "$cl_ok cleaning up tmpfs"
    echo -e "$cl_ok removing $TORJAIL_RAM"
    rm -r "$TORJAIL_RAM"
fi

# session finished
echo -e "$cl_ok session finished ..."

--------------------------------------------------------------------------------
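
Added example, not part of the torjail repository: the `gpg --verify` step in torbrowser.sh exits 0 for a good signature made by any key in the user's keyring, so this sketch pins the check to the primary key fingerprint shown in the README by reading GnuPG's `--status-fd` records. The function names, the sample records and the second fingerprint are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of torjail: pin signature checks to one primary key.

# Primary key fingerprint from the gpg output in the README, spaces removed.
TOR_FPR="EF6E286DDA85EA2A4BA7DE684E2C6E8793298290"

# status_signed_by FPR   (hypothetical helper name)
# Reads `gpg --status-fd` records on stdin. Succeeds only when a VALIDSIG
# record names FPR as the primary key (field 12 of the record) and no record
# reports a bad, unverifiable, expired or revoked signature.
status_signed_by() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "VALIDSIG" { if (toupper($12) == toupper(want)) ok = 1; else bad = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        END { exit !(ok && !bad) }
    '
}

# verify_pinned SIGFILE DATAFILE   (hypothetical helper name)
# Status records go to stdout (fd 1); the human-readable text stays on stderr.
verify_pinned() {
    gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        status_signed_by "$TOR_FPR"
}

# Constructed status records. The first uses the subkey and primary key
# fingerprints printed in the README; timestamps and algorithm ids are made up
# to fit the VALIDSIG layout.
SAMPLE_TOR='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 2E1AC68ED40814E0 Tor Browser Developers (signing key)
[GNUPG:] VALIDSIG BA1EE421BBB45263180E1FC72E1AC68ED40814E0 2015-12-17 1450385821 0 4 0 1 8 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290'

# A good signature from an unrelated key that happens to be in the keyring
# (constructed fingerprint). Plain `gpg --verify` would exit 0 for this too.
SAMPLE_OTHER='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Some Other Key (constructed)
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2015-12-17 1450385821 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Offline demonstration on the constructed records.
for sample in "$SAMPLE_TOR" "$SAMPLE_OTHER"; do
    if printf '%s\n' "$sample" | status_signed_by "$TOR_FPR"; then
        echo "accept: signed by the pinned key"
    else
        echo "reject: not signed by the pinned key"
    fi
done
```

In the script, `verify_pinned "$TOR_ASC" "$TOR_DOWNLOAD"` followed by `check_result $?` would take the place of the bare `gpg --verify` call.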