[tor-bugs] #31031 [Applications/Tor Browser]: Tor Browser trying to read /etc/machine-id on start

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jul 1 08:49:37 UTC 2019


#31031: Tor Browser trying to read /etc/machine-id on start
--------------------------------------+--------------------------
 Reporter:  rain-undefined            |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Changes (by gk):

 * cc: sysrqb (added)


Comment:

 sysrqb pointed to:
 {{{
   if (allowPulse) {
     // PulseAudio also needs access to read the $XAUTHORITY file (see
     // bug 1384986 comment #1), but that's already allowed for hybrid
     // GPU drivers (see above).
     policy->AddPath(rdonly, "/var/lib/dbus/machine-id");
   }
 }}}
 However, a bit above that we have:
 {{{
   bool allowPulse = false;
   bool allowAlsa = false;
   if (level < 4) {
 #ifdef MOZ_PULSEAUDIO
     allowPulse = true;
 #endif
 }}}
 If you look at the sandbox level in `about:config`,
 `security.sandbox.content.level` gives you `4`. And even
 `GetEffectiveContentSandboxLevel()` (which determines `level`) seems to
 give `4` back:
 {{{
 #ifdef XP_LINUX
   // Level 4 and up will break direct access to audio.
   if (level > 3 && !Preferences::GetBool("media.cubeb.sandbox")) {
     level = 3;
   }
 #endif

   return level;
 }}}
 given that `media.cubeb.sandbox` is `true`.

 So, it seems that content at least is not the culprit here.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31031#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
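
One way to check the conclusion above on a live system, as an added example that is not part of the original comment or of the Firefox/Tor Browser source: attribute every open of the machine-id paths in an `strace -f -o FILE` capture to the parent process or to a content process. The sample trace, PIDs and install path are constructed, and the `-contentproc` argument test is an assumption about how content processes are launched.

```python
import re

# Paths from the ticket title and from the quoted sandbox policy code.
MACHINE_ID_PATHS = {"/etc/machine-id", "/var/lib/dbus/machine-id"}
# Assumed capture format: `strace -f -o FILE`, so every line starts with a PID/TID.
OPEN_RE = re.compile(r'^(\d+)\s+open(?:at)?\((?:[^,"]+, )?"([^"]*)"[^)]*\)\s+= (-?\d+)(?: (E[A-Z]+))?')
EXEC_RE = re.compile(r'^(\d+)\s+execve\("[^"]*", \[(.*?)\].*\)\s+= 0')
SPAWN_RE = re.compile(r'^(\d+)\s+(?:<\.\.\. )?(?:clone3?|v?fork)\b.*\)\s+= (\d+)$')

# Constructed sample trace (PIDs, install path and addresses are made up).
SAMPLE = [
    '1000 execve("/opt/tor-browser/firefox", ["/opt/tor-browser/firefox"], 0x7ffc0 /* 40 vars */) = 0',
    '1000 clone(child_stack=0x7f00, flags=CLONE_VM|CLONE_THREAD, parent_tid=[1001], tls=0x7f10, child_tidptr=0x7f20) = 1001',
    '1000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD, child_tidptr=0x7f30) = 1002',
    '1002 execve("/opt/tor-browser/firefox", ["/opt/tor-browser/firefox", "-contentproc", "-childID", "1", "tab"], 0x7ffc1 /* 41 vars */) = 0',
    '1002 openat(AT_FDCWD, "/usr/share/fonts/x.ttf", O_RDONLY) = 7',
    '1001 openat(AT_FDCWD, "/etc/machine-id", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied)',
]


def role_of(pid, parent, argv):
    """Walk up to the nearest ancestor that called execve and classify it."""
    seen = set()
    while pid not in argv and pid in parent and pid not in seen:
        seen.add(pid)
        pid = parent[pid]
    args = argv.get(pid)
    if args is None:
        return "unknown"
    # Assumption: content processes carry "-contentproc" in their argv.
    return "content" if '"-contentproc"' in args else "parent"


def attribute_reads(lines):
    """Return [(pid, role, path, result)] for every open of a machine-id path."""
    parent, argv, hits = {}, {}, []
    for line in lines:
        line = line.rstrip()
        if m := SPAWN_RE.match(line):
            parent[m.group(2)] = m.group(1)   # new thread/child -> its creator
        elif m := EXEC_RE.match(line):
            argv[m.group(1)] = m.group(2)     # command line of this process
        elif (m := OPEN_RE.match(line)) and m.group(2) in MACHINE_ID_PATHS:
            pid, path, ret, err = m.groups()
            hits.append((pid, role_of(pid, parent, argv), path, err or "fd " + ret))
    return hits

if __name__ == "__main__":
    print(*attribute_reads(SAMPLE), sep="\n")
```

Syscalls that strace splits into `<unfinished ...>` and `resumed` halves are only handled for clone/fork here; an open split that way is not reported.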

