[tor-commits] [sandboxed-tor-browser/master] Normalize the sandbox UID/GID to 1000/1000.

yawning at torproject.org yawning at torproject.org
Thu Dec 8 20:16:17 UTC 2016


commit 7ad0525c601aa45414f56193760e3d08dd9cdae4
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Thu Dec 8 19:51:51 2016 +0000

    Normalize the sandbox UID/GID to 1000/1000.
    
     * Always unshare the USER namespace (Yes, I know this is scary, but
       all caps are dropped by bwrap prior to exec()ing the command in the
       container, and PR_SET_NO_NEW_PRIVS is called).
     * Make the PulseAudio socket finder do the right thing when
       XDG_RUNTIME_DIR is set to something non-standard.
     * Switch the container /etc/passwd and /etc/group files to be
       go-bindata-ed since they are now static.
---
 data/group                                         |  1 +
 data/passwd                                        |  1 +
 .../internal/sandbox/hugbox.go                     | 23 ++++++++++++----------
 .../internal/sandbox/pulse.go                      |  7 ++++++-
 4 files changed, 21 insertions(+), 11 deletions(-)

diff --git a/data/group b/data/group
new file mode 100644
index 0000000..cbaebb5
--- /dev/null
+++ b/data/group
@@ -0,0 +1 @@
+amnesia:x:1000:
diff --git a/data/passwd b/data/passwd
new file mode 100644
index 0000000..bed4f72
--- /dev/null
+++ b/data/passwd
@@ -0,0 +1 @@
+amnesia:x:1000:1000:Debian Live User,,,:/home/amnesia:/bin/bash
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
index 0707c57..98b2ec7 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/hugbox.go
@@ -35,7 +35,7 @@ import (
 )
 
 type unshareOpts struct {
-	user   bool
+	// user   bool
 	ipc    bool
 	pid    bool
 	net    bool
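Review bot: The `user` field is commented out instead of removed, both here and in the `newHugbox` literal in the hunk at `@@ -370,7 +373,7 @@` (`// user:   true,`), which leaves dead text that a reader may take for a toggle that still exists. Since `toArgs` no longer reads the field, the cleaner change is to delete both lines outright. If the intent is to record that the namespace is now mandatory, put that on the struct instead: `// The USER namespace is always unshared by toArgs; it is not configurable here.`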
@@ -45,9 +45,11 @@ type unshareOpts struct {
 
 func (u *unshareOpts) toArgs() []string {
 	var args []string
-	if u.user {
-		args = append(args, "--unshare-user-try")
-	}
+
+	// A new user namespace is created unconditionally, so that gid/uids
+	// can be normalized.
+	args = append(args, "--unshare-user")
+
 	if u.ipc {
 		args = append(args, "--unshare-ipc")
 	}
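Review bot: Replacing `--unshare-user-try` with `--unshare-user` turns a soft failure into a hard one: bwrap will now refuse to start on a host where it cannot create a user namespace, where before the sandbox silently ran without one. Failing closed is the better outcome for a sandbox, but the new comment should say that this is deliberate, and whatever consumes the error from run() (outside this hunk) presumably should recognize that case so the user sees an actionable message rather than a bare bwrap exit status. Suggested comment: `// A new user namespace is created unconditionally (--unshare-user rather than --unshare-user-try) so that uid/gid can be normalized; bwrap will fail to start if the host cannot create one.` The body of toArgs continues past the end of this hunk.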
@@ -223,10 +225,11 @@ func (h *hugbox) run() (*exec.Cmd, error) {
 	if h.chdir != "" {
 		fdArgs = append(fdArgs, "--chdir", h.chdir)
 	}
-	passwdBody := fmt.Sprintf("amnesia:x:%d:%d:Debian Live User,,,:/home/amnesia:/bin/bash\n", os.Getuid(), os.Getgid())
-	groupBody := fmt.Sprintf("amnesia:x:%d:\n", os.Getgid())
-	h.file("/etc/passwd", []byte(passwdBody))
-	h.file("/etc/group", []byte(groupBody))
+
+	fdArgs = append(fdArgs, "--uid", "1000")
+	fdArgs = append(fdArgs, "--gid", "1000")
+	h.assetFile("/etc/passwd", "passwd")
+	h.assetFile("/etc/group", "group")
 
 	if h.fakeDbus {
 		h.setupDbus()
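Review bot: The literal `"1000"` is now spread over `--uid`, `--gid` here and `runtimeDir` in the hunk at `@@ -379,7 +382,7 @@`, and it must also agree with the static `data/passwd` and `data/group` assets; nothing ties those four places together. A single named constant makes the coupling visible: `const sandboxUID = "1000" // must match data/passwd and data/group`, then `fdArgs = append(fdArgs, "--uid", sandboxUID, "--gid", sandboxUID)` and `filepath.Join("/run", "user", sandboxUID)`. The assetFile signature is not visible here; if it can return an error, that return is dropped on both calls. run() starts and ends outside this hunk.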
@@ -370,7 +373,7 @@ type bwrapInfo struct {
 func newHugbox() (*hugbox, error) {
 	h := &hugbox{
 		unshare: unshareOpts{
-			user:   true,
+			// user:   true,
 			ipc:    true,
 			pid:    true,
 			net:    true,
@@ -379,7 +382,7 @@ func newHugbox() (*hugbox, error) {
 		},
 		hostname:     "amnesia",
 		mountProc:    true,
-		runtimeDir:   filepath.Join("/run", "user", fmt.Sprintf("%d", os.Getuid())),
+		runtimeDir:   filepath.Join("/run", "user", "1000"),
 		homeDir:      "/home/amnesia",
 		pdeathSig:    syscall.SIGTERM,
 		standardLibs: true,
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/pulse.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/pulse.go
index 5a005a5..6cb2ce1 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/pulse.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/pulse.go
@@ -43,7 +43,12 @@ func (h *hugbox) enablePulseAudio() error {
 	// along with the modern default locations.
 	sockPath := os.Getenv(pulseServer)
 	if sockPath == "" {
-		sockPath = filepath.Join(h.runtimeDir, "pulse", "native")
+		hostRuntimeDir := os.Getenv("XDG_RUNTIME_DIR")
+		if hostRuntimeDir == "" {
+			// Should never happen, the app requires/uses XDG_RUNTIME_DIR.
+			return fmt.Errorf("hugbox: BUG: Couldn't determine XDG_RUNTIME_DIR")
+		}
+		sockPath = filepath.Join(hostRuntimeDir, "pulse", "native")
 	} else if strings.HasPrefix(sockPath, unixPrefix) {
 		sockPath = strings.TrimPrefix(sockPath, unixPrefix)
 	} else {
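Review bot: The new error is built with `fmt.Errorf` but has no format verbs, and its text is capitalized and prefixed with `BUG:`, which diverges from Go's convention of lowercase error strings; `errors.New("hugbox: couldn't determine XDG_RUNTIME_DIR")` says the same thing. This also assumes `fmt` (or `errors`) is already imported in pulse.go, which this hunk does not show. Reading the host `XDG_RUNTIME_DIR` directly rather than `h.runtimeDir` is the right call now that the latter names the container path, and a one-line comment saying so would help the next reader: `// h.runtimeDir is the container's /run/user/1000; the socket lives under the host's runtime dir.` enablePulseAudio starts before and ends after this hunk.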


