commit 5d784358fcdbfad980b737824ed1565b237cc148 Author: Yawning Angel yawning@schwanenlied.me Date: Wed Apr 12 18:33:01 2017 +0000
Bug 21929: Remove hardened/ASAN related code.
This removes the bulk of the `hardened`/ASAN related code, as it is no longer relevant. The tor-sans-obfs4 seccomp rules probably can tighten the permitted mmap arguments a bit, but that can wait till I have more time. --- ChangeLog | 1 + data/tor-common-amd64.seccomp | 4 --- data/torbrowser-amd64.seccomp | 4 --- .../internal/sandbox/application.go | 35 ++++++++-------------- .../internal/sandbox/hugbox.go | 2 +- .../internal/ui/config/config.go | 3 +- .../sandboxed-tor-browser/internal/ui/launch.go | 5 ---- src/cmd/sandboxed-tor-browser/internal/ui/ui.go | 18 +---------- 8 files changed, 17 insertions(+), 55 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 20cae09..e623392 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
 Changes in version 0.0.4 - UNRELEASED:
+ * Bug 21929: Remove hardened/ASAN related code.
 * Bug 21927: Remove the ability to install/update the hardened bundle.
 * Bug 21244: Update the MAR signing key for 7.0.
 * Bug 21536: Remove asn's scramblesuit bridge from Tor Browser.
diff --git a/data/tor-common-amd64.seccomp b/data/tor-common-amd64.seccomp
index 5bc0428..c324843 100644
--- a/data/tor-common-amd64.seccomp
+++ b/data/tor-common-amd64.seccomp
@@ -96,10 +96,6 @@ unshare: 1
 rt_sigaction: 1
 setsid: 1
-# XXX: This is only required for ASAN builds, so this should be included at
-# runtime.
-readlink: 1
-
 #
 # System calls allowed with filtering.
 #
diff --git a/data/torbrowser-amd64.seccomp b/data/torbrowser-amd64.seccomp
index a2c2817..11e42e5 100644
--- a/data/torbrowser-amd64.seccomp
+++ b/data/torbrowser-amd64.seccomp
@@ -181,10 +181,6 @@ uname: 1
 unshare: 1
 wait4: 1
-# XXX: This is only required for ASAN builds, so this should be included at
-# runtime.
-setrlimit: 1
-
 #
 # System calls allowed with filtering.
 #
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index fa773d4..427c3b1 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -139,10 +139,16 @@ func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (pr
 // h.setenv("LD_LIBRARY_PATH", filepath.Join(browserHome, "TorBrowser", "Tor"))
 h.setenv("FONTCONFIG_PATH", filepath.Join(browserHome, "TorBrowser", "Data", "fontconfig"))
 h.setenv("FONTCONFIG_FILE", "fonts.conf")
- if manif.Channel == "hardened" {
- h.setenv("ASAN_OPTIONS", "detect_leaks=0")
- h.setenv("NSS_DISABLE_HW_AES", "1") // For selfrando.
- }
+
+ // This used to be for `hardened` but may eventually be required for
+ // `alpha`, though according to trac, newer versions of selfrando fix the
+ // problem.
+ //
+ // https://trac.torproject.org/projects/tor/ticket/20683#comment:13
+ //
+ // if manif.Channel == "alpha" {
+ // h.setenv("NSS_DISABLE_HW_AES", "1") // For selfrando.
+ // }
 // GNOME systems will puke with a read-only home, so instead of setting
 // $HOME to point to inside the browser bundle, setup a bunch of
@@ -176,19 +182,6 @@ func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (pr
 h.assetFile(stubPath, "tbb_stub.so")
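Review bot: In the `@@ -139` hunk of application.go the hardened branch is replaced by a commented-out `if manif.Channel == "alpha"` block, which leaves dead code in the path that builds the browser's environment. The ticket link already carries the history, so I would keep only a pointer, e.g. `// NSS_DISABLE_HW_AES=1 was set for selfrando on hardened; see ticket 20683 comment 13 if alpha needs it.`, and reintroduce the `setenv` call as real code if it is ever required. RunTorBrowser starts and ends outside the hunk.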
 ldPreload := stubPath
- if manif.Channel == "hardened" {
- // ASAN wants to be the first entry on LD_PRELOAD, so placate it.
- matches, err := filepath.Glob(filepath.Join(realBrowserHome, "TorBrowser", "Tor") + "/libasan.so*")
- if err != nil {
- return nil, err
- }
- if len(matches) < 1 {
- log.Printf("sandbox: Failed to find 'libasan.so.*'")
- } else {
- _, f := filepath.Split(matches[0])
- ldPreload = f + ":" + ldPreload
- }
- }
 h.setenv("LD_PRELOAD", ldPreload)
 // Hardware accelerated OpenGL will not work, and never will.
@@ -520,13 +513,11 @@ func RunTor(cfg *config.Config, manif *config.Manifest, torrc []byte) (process *
 // `/proc/sys/net/core/somaxconn` - obfs4proxy, Go runtime uses this to
 // determine listener backlog, but will default to `128` on errors.
 //
- // Hardened builds are special cased because asan crashes the binary
- // if it can't read `/proc/self/maps`.
+ // `/proc/self/maps` - ASAN. If it's ever enabled again, this mandates
+ // `/proc`.
 //
 // See: https://bugs.torproject.org/20773
- if manif.Channel != "hardened" {
- h.mountProc = false
- }
+ h.mountProc = false
 if err = os.MkdirAll(cfg.TorDataDir, DirMode); err != nil {
 return
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
index fb51e41..118b7a7 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
@@ -166,7 +166,7 @@ func (h *hugbox) run() (*Process, error) {
 Stdout: h.stdout,
 Stderr: h.stderr,
 SysProcAttr: &syscall.SysProcAttr{
- Setsid: true,
+ Setsid: true,
 Pdeathsig: h.pdeathSig,
 },
 }
diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
index 44b6633..332c4b5 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/config/config.go
@@ -293,8 +293,7 @@ type Config struct {
 // "linux64").
 Architecture string `json:"-"`
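Review bot: In the `@@ -520` hunk of application.go, `h.mountProc = false` is now unconditional, so a manifest whose `Channel` is still `"hardened"` from an earlier install would start tor without `/proc`, which the removed comment says makes an ASAN build crash. Nothing in this diff rejects or migrates such a manifest; if the earlier install/update removal does not already cover it (not visible here), a guard early in the launch path would turn the crash into a clear error, e.g. `if manif.Channel == "hardened" { return nil, errors.New("sandbox: the hardened channel is no longer supported") }`. RunTor starts and ends outside the hunk.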
- // Channel is the Tor Browser channel to install ("release", "alpha",
- // "hardened").
+ // Channel is the Tor Browser channel to install ("release", "alpha")
 Channel string `json:"channel,omitempty"`
 // Locale is the Tor Browser locale to install ("en-US", "ja").
diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/launch.go b/src/cmd/sandboxed-tor-browser/internal/ui/launch.go
index e929fa7..046e2b8 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/launch.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/launch.go
@@ -55,11 +55,6 @@ func (c *Common) DoLaunch(async *Async, checkUpdates bool) {
 return
 }
- if c.Manif.Channel == chanHardened && sandbox.IsGrsecKernel() {
- async.Err = fmt.Errorf("The 'hardened' release is incompatible with grsec.")
- return
- }
-
 // Start tor if required.
 log.Printf("launch: Connecting to the Tor network.")
 async.UpdateProgress("Connecting to the Tor network.")
diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/ui.go b/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
index 1de7e8c..c3882ad 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
@@ -67,7 +67,7 @@ const (
 // bridges.
 DefaultBridgeTransport = "obfs4"
- chanHardened = "hardened"
+ // chanHardened = "hardened"
 )
 func usage() {
@@ -133,16 +133,6 @@ func (c *Common) Init() error {
 }
 c.Cfg.Sanitize()
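Review bot: In the `@@ -67` hunk of ui.go the constant is commented out (`// chanHardened = "hardened"`) rather than deleted, although the other hunks of this commit remove its visible uses in launch.go and in `init()`. I would delete the line; version control keeps the old value. The same hunks drop three `sandbox.IsGrsecKernel()` call sites, so if that function has no other callers (not visible in this diff) it can be removed as well.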
- if sandbox.IsGrsecKernel() {
- channels := []string{}
- for _, v := range BundleChannels[c.Cfg.Architecture] {
- if v != "hardened" {
- channels = append(channels, v)
- }
- }
- BundleChannels[c.Cfg.Architecture] = channels
- }
-
 if c.Manif != nil {
 if err = c.Manif.Sync(); err != nil {
 return err
@@ -464,12 +454,6 @@ func init() {
 panic(err)
 }
- // Cowardly refuse to allow the user to install the hardeened bundle on
- // grsec kernels.
- if sandbox.IsGrsecKernel() {
- delete(BundleLocales, chanHardened)
- }
-
 Bridges = make(map[string][]string)
 if d, err := data.Asset("bridges.json"); err != nil {
 panic(err)