[tor-commits] [sandboxed-tor-browser/master] Bug #20773: Mount `/proc` in the tor container for hardened.

yawning at torproject.org yawning at torproject.org
Mon Nov 28 08:22:56 UTC 2016


commit 09b66528f6013c0ca5ee9be20ad91cadb3e901aa
Author: Yawning Angel <yawning at schwanenlied.me>
Date:   Mon Nov 28 08:22:03 2016 +0000

    Bug #20773: Mount `/proc` in the tor container for hardened.
    
    Asan requires `/proc/self/maps` to run.  Fun fun fun.
---
 src/cmd/sandboxed-tor-browser/internal/sandbox/application.go | 9 +++++++--
 src/cmd/sandboxed-tor-browser/internal/ui/ui.go               | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index 22c43ee..26baeef 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -441,7 +441,7 @@ func stageUpdate(updateDir, installDir string, mar []byte) error {
 }
 
 // RunTor launches sandboxeed Tor.
-func RunTor(cfg *config.Config, torrc []byte) (cmd *exec.Cmd, err error) {
+func RunTor(cfg *config.Config, manif *config.Manifest, torrc []byte) (cmd *exec.Cmd, err error) {
 	defer func() {
 		if r := recover(); r != nil {
 			err = fmt.Errorf("%v", r)
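Review bot: The doc comment on `RunTor` is not updated for the new `manif` parameter, and nothing in the visible lines says it must be non-nil. A nil manifest would panic at the `manif.Channel` read in the second hunk of this file, and the deferred `recover` shown here would turn that into a bare runtime-error string that is hard to trace back to the caller. I would state the contract in the comment, e.g. `// RunTor launches sandboxed Tor. manif must be non-nil; manif.Channel decides whether /proc is mounted in the tor container.`, and consider an explicit `if manif == nil { return nil, fmt.Errorf("sandbox: nil manifest") }` before first use. The body of `RunTor` continues outside this hunk.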
@@ -473,8 +473,13 @@ func RunTor(cfg *config.Config, torrc []byte) (cmd *exec.Cmd, err error) {
 	// `/proc/sys/net/core/somaxconn` - obfs4proxy, Go runtime uses this to
 	//    determine listener backlog, but will default to `128` on errors.
 	//
+	// Hardened builds are special cased because asan crashes the binary
+	// if it can't read `/proc/self/maps`.
+	//
 	// See: https://bugs.torproject.org/20773
-	h.mountProc = false
+	if manif.Channel != "hardened" {
+		h.mountProc = false
+	}
 
 	if err = os.MkdirAll(cfg.TorDataDir, DirMode); err != nil {
 		return
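Review bot: The new conditional only ever clears `h.mountProc`, so on the hardened channel the result depends on a default set outside this hunk (presumably true, since the old code cleared it unconditionally). Assigning both outcomes in one place, `h.mountProc = manif.Channel == "hardened"`, keeps the sandbox decision readable here and independent of that default. The added comment explains why the exception exists but not what it costs: the hardened tor container presumably gets the rest of procfs as well, not only `/proc/self/maps`, so it is less confined than on the other channels. I would record that next to the check, e.g. `// NOTE: this exposes all of /proc to tor on hardened, not just /proc/self/maps; narrow it if a single-file bind becomes possible.` The function body continues outside this hunk.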
diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/ui.go b/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
index 80588de..b2ca8ee 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
@@ -282,7 +282,7 @@ func (c *Common) launchTor(async *Async, onlySystem bool) (dialFunc, error) {
 		os.Remove(filepath.Join(c.Cfg.TorDataDir, "control_port"))
 
 		async.UpdateProgress("Launching Tor executable.")
-		cmd, err := sandbox.RunTor(c.Cfg, torrc)
+		cmd, err := sandbox.RunTor(c.Cfg, c.Manif, torrc)
 		if err != nil {
 			async.Err = err
 			return nil, err


