[tor-bugs] #20884 [Applications/Tor Browser]: Tor Browser requires D-Bus' /etc/machine-id on Arch Linux

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Dec 4 13:20:59 UTC 2016


#20884: Tor Browser requires D-Bus' /etc/machine-id on Arch Linux
------------------------------------------+----------------------
     Reporter:  robotanarchy              |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 Hello Tor developers,

 I have been playing with firejail to harden the Tor Browser on Arch Linux.
 And I've noticed, that when creating a private /etc folder with only the
 minimal required files, the file /etc/machine-id is necessary or the
 Firefox in Tor Browser will segfault.

 http://0pointer.de/public/systemd-man/machine-id.html
 > The machine ID is usually generated from a random source during system
 installation and stays constant for all subsequent boots.

 This could be a potential issue, when tor browser gets exploited and
 someone can uniquely identify the host machine with that ID.

 Maybe it would be feasible to build Firefox without the D-Bus dependency
 on Linux to solve this?

 Related firejail ticket:
 https://github.com/netblue30/firejail/issues/955

 Thanks for making Tor!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20884>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list