[tor-commits] [sandboxed-tor-browser/master] When running the hardened bundle, load libasan.so before the stub.
yawning at torproject.org
yawning at torproject.org
Thu Dec 8 20:44:44 UTC 2016
commit 8f671b6f5261063085fe4eccc99a03ebe0f4be26
Author: Yawning Angel <yawning at schwanenlied.me>
Date: Thu Dec 8 20:37:08 2016 +0000
When running the hardened bundle, load libasan.so before the stub.
Sort of silly, but it demands this of us or it dumps alarming looking
warnings to the log. While I'm here, the stub living in /tmp is silly,
so move/rename it and jam it in the user's home directory.
---
.../internal/sandbox/application.go | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index 4cd4ca0..6de8a5e 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -45,7 +45,7 @@ func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (cm
const (
profileSubDir = "TorBrowser/Data/Browser/profile.default"
cachesSubDir = "TorBrowser/Data/Browser/Caches"
- stubPath = "/tmp/tbb_stub.so"
+ stubPath = "/home/amnesia/.tbb_stub.so"
controlSocket = "control"
socksSocket = "socks"
)
@@ -165,13 +165,28 @@ func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (cm
// supply the relevant args required for functionality.
ctrlPath := filepath.Join(h.runtimeDir, controlSocket)
socksPath := filepath.Join(h.runtimeDir, socksSocket)
- h.setenv("LD_PRELOAD", stubPath)
h.setenv("TOR_STUB_CONTROL_SOCKET", ctrlPath)
h.setenv("TOR_STUB_SOCKS_SOCKET", socksPath)
h.bind(tor.CtrlSurrogatePath(), ctrlPath, false)
h.bind(tor.SocksSurrogatePath(), socksPath, false)
h.assetFile(stubPath, "tbb_stub.so")
+ ldPreload := stubPath
+ if manif.Channel == "hardened" {
+ // ASAN wants to be the first entry on LD_PRELOAD, so placate it.
+ matches, err := filepath.Glob(filepath.Join(realBrowserHome, "TorBrowser", "Tor") + "/libasan.so*")
+ if err != nil {
+ return nil, err
+ }
+ if len(matches) < 1 {
+ log.Printf("sandbox: Failed to find 'libasan.so.*'")
+ } else {
+ _, f := filepath.Split(matches[0])
+ ldPreload = f + ":" + ldPreload
+ }
+ }
+ h.setenv("LD_PRELOAD", ldPreload)
+
// Hardware accelerated OpenGL will not work, and never will.
h.setenv("LIBGL_ALWAYS_SOFTWARE", "1")
More information about the tor-commits
mailing list