[tor-bugs] #4280 [Applications/Tor Browser]: build changes for TBB
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Dec 16 08:30:58 UTC 2019
#4280: build changes for TBB
--------------------------------------+----------------------------
Reporter: ioerror | Owner: tbb-team
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: worksforme
Keywords: tbb-security, apparmor | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+----------------------------
Changes (by gk):
* status: assigned => closed
* resolution: => worksforme
Comment:
Replying to [comment:9 mikeperry]:
> Well, tbh more accurately I see no harm in them. That doesn't mean there
is no harm.
>
> Also, I've thought about ioerror's other comments, and if you are using
a least privileged wrapper around TBB like seatbelt, selinux, or apparmor,
then the --disable-ctypes *will* actually increase security...
>
> I think the best plan is to add the following to our alpha builds and
see what breaks:
>
> +ac_add_options --enable-install-strip
> +ac_add_options --disable-parental-controls
> +ac_add_options --disable-ctypes
>
> If we can't add these options only to the alpha builds yet, we should
hold off entirely until we can.
I think we are good here. Builds are getting stripped by default, the
second option does nothing anymore and the third one breaks us horribly.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4280#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list