commit 09b66528f6013c0ca5ee9be20ad91cadb3e901aa Author: Yawning Angel yawning@schwanenlied.me Date: Mon Nov 28 08:22:03 2016 +0000
Bug #20773: Mount `/proc` in the tor container for hardened.
Asan requires `/proc/self/maps` to run. Fun fun fun.
---
 src/cmd/sandboxed-tor-browser/internal/sandbox/application.go | 9 +++++++--
 src/cmd/sandboxed-tor-browser/internal/ui/ui.go | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index 22c43ee..26baeef 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -441,7 +441,7 @@ func stageUpdate(updateDir, installDir string, mar []byte) error {
 }
 // RunTor launches sandboxeed Tor.
-func RunTor(cfg *config.Config, torrc []byte) (cmd *exec.Cmd, err error) {
+func RunTor(cfg *config.Config, manif *config.Manifest, torrc []byte) (cmd *exec.Cmd, err error) {
 defer func() {
 if r := recover(); r != nil {
 err = fmt.Errorf("%v", r)
@@ -473,8 +473,13 @@ func RunTor(cfg *config.Config, torrc []byte) (cmd *exec.Cmd, err error) {
 // `/proc/sys/net/core/somaxconn` - obfs4proxy, Go runtime uses this to
 // determine listener backlog, but will default to `128` on errors.
 //
+ // Hardened builds are special cased because asan crashes the binary
+ // if it can't read `/proc/self/maps`.
+ //
+ // See: https://bugs.torproject.org/20773
- h.mountProc = false
+ if manif.Channel != "hardened" {
+ h.mountProc = false
+ }
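Review bot: `manif` is dereferenced further down (`manif.Channel` in the next hunk) with no nil check, so a nil manifest reaches the caller only as the panic text produced by the deferred `recover()` shown here. A guard before first use, `if manif == nil { return nil, fmt.Errorf("sandbox: nil manifest") }`, gives a usable error instead. The doc comment above the signature should also cover the new parameter, e.g. `// manif.Channel decides whether /proc is mounted in the tor container.` RunTor's body continues outside the hunk.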
 if err = os.MkdirAll(cfg.TorDataDir, DirMode); err != nil {
 return
diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/ui.go b/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
index 80588de..b2ca8ee 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
@@ -282,7 +282,7 @@ func (c *Common) launchTor(async *Async, onlySystem bool) (dialFunc, error) {
 os.Remove(filepath.Join(c.Cfg.TorDataDir, "control_port"))
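Review bot: On the hardened channel `h.mountProc` is no longer cleared, so (per the commit title) tor runs with `/proc` mounted in its container, and the added comment explains asan's need but not that this is a sandbox relaxation relative to the other channels. I would state that in the comment, e.g. `// NOTE: hardened therefore runs tor with /proc mounted, unlike other channels; this weakens the container.` The decision also hangs on the bare literal `"hardened"`; a named constant shared with whatever populates `manif.Channel` would keep the comparison from silently drifting, and since any other value still clears `mountProc` the check at least fails closed. Where the manifest is loaded from is outside this hunk, so it is worth confirming that nothing running inside the sandbox can rewrite `Channel`. RunTor's body starts and ends outside the hunk.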
 async.UpdateProgress("Launching Tor executable.")
- cmd, err := sandbox.RunTor(c.Cfg, torrc)
+ cmd, err := sandbox.RunTor(c.Cfg, c.Manif, torrc)
 if err != nil {
 async.Err = err
 return nil, err