
local repo vs torbrowser-launcher vs flatpak vs snap: what's the best way to get tor browser?

Open baimafeima opened this issue 7 years ago • 12 comments

@micahflee What do you think about the project to make Tor Browser available as a snap package run by Joe Borg? Is there a possibility to cooperate between your two projects? How safe will using Tor Browser be when available as a snap? https://github.com/snapcrafters/tor-browser

baimafeima avatar Jan 06 '18 11:01 baimafeima

It looks like the project I previously linked to was deleted. What is currently the best way to install and use Tor Browser on a Linux-based operating system (unless I were to use something like Tails)? Is it best if Tor Browser is packaged to be directly included in the repositories, to use the torbrowser-launcher or to wait until there is a flatpak or snap package? What's the best way to go forward?

baimafeima avatar Aug 29 '18 12:08 baimafeima

Snaps are probably the best option in terms of security. Snap packages, like flatpak packages, cannot see beyond their assigned root directories, interact with other processes, use dangerous syscalls etc.

This combination of restrictive AppArmor profiles (which mediate file access, application execution, Linux capabilities(7), mount, ptrace, IPC, signals, coarse-grained networking), clearly defined application-specific filesystem areas, whitelist syscall filtering via seccomp, private /tmp, new instance devpts and device cgroups provides for strong application confinement and isolation.

The main difference between snap and flatpak seems to be that snap enforces the security boundaries using AppArmor, whereas flatpak does not use SELinux (yet) (an equivalent to AppArmor).

Note that, for these sandboxes to make sense, Wayland is required. The legacy X display server does not isolate the GUI at all, meaning that sandboxed applications can still interact with other windows and intercept keyboard inputs.

jasperweiss avatar Nov 07 '18 15:11 jasperweiss

The main difference between snap and flatpak seems to be that snap enforces the security boundaries using AppArmor, whereas flatpak does not use SELinux (yet) (an equivalent to AppArmor).

I don't know about security comparison or if this is topical here, but for me the main difference between Snap and Flatpak is more ideological. Snaps only support a single repository at a time and in my opinion this ties it to Ubuntu/Canonical tightly, while flatpaks are closer to traditional repositories and you can add as many as you want (and this is why I go with flatpaks first, snaps second). There is still the de-facto Flathub where everyone can get into, which is probably the equivalent of Snapcraft.io/store.

In distributions, Flatpak seems to often be more supported while Snapd is outdated according to kamikazow's wordpress. However that article may be starting to be a bit dated, I don't know if the situation has improved.

Mikaela avatar Nov 07 '18 16:11 Mikaela

Snaps only support a single repository at a time and in my opinion this ties it to Ubuntu/Canonical tightly, while flatpaks are closer to traditional repositories and you can add as many as you want (and this is why I go with flatpaks first, snaps second).

I agree. Snap is tied too strongly to Canonical. I'm not sure if 'the traditional' repository model is something to be desired though, in the end we just want our package to get out there without having to worry about which repository to use. It'd be great if we could all settle on a single packaging system that isn't tied to a particular distribution or vendor. Ideologies aside however, at least on Ubuntu with Wayland, Snap seems to be the only packaging system that properly sandboxes the applications. But again, that doesn't go for distributions that use SELinux in place of AppArmor, since Snap uses AppArmor and Flatpak doesn't use either. Perhaps we should just support both and see where things go?

jasperweiss avatar Nov 07 '18 21:11 jasperweiss

The main difference between snap and flatpak seems to be that snap enforces the security boundaries using AppArmor, whereas flatpak does not use SELinux (yet) (an equivalent to AppArmor).

Flatpak does not use, or need, SELinux to enforce security boundaries. It uses namespaces, cgroups and seccomp (like e.g. docker does too). This means it is sandboxed on all distros, independent of whether they support AppArmor, SELinux or neither.

alexlarsson avatar Nov 08 '18 09:11 alexlarsson

The main difference between snap and flatpak seems to be that snap enforces the security boundaries using AppArmor, whereas flatpak does not use SELinux (yet) (an equivalent to AppArmor). ...

@alexlarsson It is my understanding that Snap requires AppArmor to be effective. So in that case Flatpak would be better since not all distributions have AppArmor.

jasperweiss avatar Nov 08 '18 12:11 jasperweiss

Yes, currently Snap is permissive on non-AppArmor distros. However I believe Snap developers are working on SELinux support. I don't know the status of that though.

alexlarsson avatar Nov 08 '18 12:11 alexlarsson
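
The confinement layers named in the comments above (seccomp, an AppArmor or SELinux label, namespaces) can be read back from `/proc` for a running process. The script below is an added example, not part of the original thread or of either project; `PROC_ROOT` and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: which confinement layers apply to one running process?
# PROC_ROOT is an assumption of this example; overriding it lets the
# functions run against a constructed tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# "Seccomp:" in /proc/<pid>/status: 0 = off, 1 = strict, 2 = BPF filter.
seccomp_mode() {
    mode=$(awk '/^Seccomp:/ {print $2}' "$PROC_ROOT/$1/status" 2>/dev/null) || mode=""
    case "$mode" in
        0) echo disabled ;;
        1) echo strict ;;
        2) echo filter ;;
        *) echo unknown ;;
    esac
}

# LSM label: an AppArmor profile with its mode, an SELinux context, or
# "unconfined"; "none" when the file is missing or empty.
lsm_label() {
    label=$(cat "$PROC_ROOT/$1/attr/current" 2>/dev/null | tr -d '\0')
    if [ -n "$label" ]; then echo "$label"; else echo none; fi
}

# Namespaces the process does not share with the inspecting shell.
# An empty result means no namespace isolation from this session.
private_namespaces() {
    out=""
    for ns in mnt pid net ipc user; do
        theirs=$(readlink "$PROC_ROOT/$1/ns/$ns" 2>/dev/null) || continue
        mine=$(readlink "$PROC_ROOT/self/ns/$ns" 2>/dev/null) || continue
        if [ "$theirs" != "$mine" ]; then out="$out $ns"; fi
    done
    echo "${out# }"
}

confinement_report() {
    printf 'pid=%s seccomp=%s lsm=%s private_ns=%s\n' "$1" \
        "$(seccomp_mode "$1")" "$(lsm_label "$1")" "$(private_namespaces "$1")"
}

# Usage: sh confinement.sh <pid>   (pid of a process you own)
if [ $# -gt 0 ]; then confinement_report "$1"; fi
```

Run it as the user that owns the browser process; the namespace links of other users' processes are not readable without privileges.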

I haven’t really found any technical comparisons between the two, but I’d like to better understand how the 2 isolate processes. @alexlarsson do you know of any technical documentation on the different isolation technologies used?

jasperweiss avatar Nov 08 '18 12:11 jasperweiss

Here are some docs on the flatpak sandbox: https://github.com/flatpak/flatpak/wiki/Sandbox It's a bit old, but mostly correct.

alexlarsson avatar Nov 08 '18 12:11 alexlarsson

Thanks!

jasperweiss avatar Nov 08 '18 13:11 jasperweiss

Have the issues raised by https://flatkill.org/ already been addressed within the Flatpak community? The fact that someone took the time to set up this website has to be taken seriously. Do I understand it correctly that the security of a flatpak application depends to a large degree on the one who packages it?

baimafeima avatar Nov 10 '18 17:11 baimafeima

That site is some hater and is purely made in bad faith. There is no realistic way to "address" it, because there is no way to reply to it, and the issues raised are either bullshit or things that affect all packaging systems in existence...

alexlarsson avatar Nov 18 '18 15:11 alexlarsson