
[tor-commits] [sandboxed-tor-browser/master] When running the hardened bundle, load libasan.so before the stub.



commit 8f671b6f5261063085fe4eccc99a03ebe0f4be26
Author: Yawning Angel <yawning@xxxxxxxxxxxxxxx>
Date:   Thu Dec 8 20:37:08 2016 +0000

    When running the hardened bundle, load libasan.so before the stub.
    
    Sort of silly, but it demands this of us or it dumps alarming looking
    warnings to the log.  While I'm here, the stub living in /tmp is silly,
    so move/rename it and jam it in the user's home directory.
---
 .../internal/sandbox/application.go                   | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index 4cd4ca0..6de8a5e 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -45,7 +45,7 @@ func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (cm
 	const (
 		profileSubDir = "TorBrowser/Data/Browser/profile.default"
 		cachesSubDir  = "TorBrowser/Data/Browser/Caches"
-		stubPath      = "/tmp/tbb_stub.so"
+		stubPath      = "/home/amnesia/.tbb_stub.so"
 		controlSocket = "control"
 		socksSocket   = "socks"
 	)
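Review bot: The new `stubPath` hard-codes the in-sandbox home directory `/home/amnesia` as a string literal. If the package already has a constant or helper for that directory (none is visible in this hunk), deriving the path from it would keep the two from drifting apart. Because this file is what ends up on LD_PRELOAD, I would also document the expectation next to the constant, e.g. `// Preloaded into every browser process; should be read-only inside the sandbox.` Whether `h.assetFile` actually installs it read-only is not shown here and should be confirmed. The const block belongs to RunTorBrowser, whose body continues outside the hunk.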
@@ -165,13 +165,28 @@ func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) (cm
 	// supply the relevant args required for functionality.
 	ctrlPath := filepath.Join(h.runtimeDir, controlSocket)
 	socksPath := filepath.Join(h.runtimeDir, socksSocket)
-	h.setenv("LD_PRELOAD", stubPath)
 	h.setenv("TOR_STUB_CONTROL_SOCKET", ctrlPath)
 	h.setenv("TOR_STUB_SOCKS_SOCKET", socksPath)
 	h.bind(tor.CtrlSurrogatePath(), ctrlPath, false)
 	h.bind(tor.SocksSurrogatePath(), socksPath, false)
 	h.assetFile(stubPath, "tbb_stub.so")
 
+	ldPreload := stubPath
+	if manif.Channel == "hardened" {
+		// ASAN wants to be the first entry on LD_PRELOAD, so placate it.
+		matches, err := filepath.Glob(filepath.Join(realBrowserHome, "TorBrowser", "Tor") + "/libasan.so*")
+		if err != nil {
+			return nil, err
+		}
+		if len(matches) < 1 {
+			log.Printf("sandbox: Failed to find 'libasan.so.*'")
+		} else {
+			_, f := filepath.Split(matches[0])
+			ldPreload = f + ":" + ldPreload
+		}
+	}
+	h.setenv("LD_PRELOAD", ldPreload)
+
 	// Hardware accelerated OpenGL will not work, and never will.
 	h.setenv("LIBGL_ALWAYS_SOFTWARE", "1")
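Review bot: The libasan entry built at `ldPreload = f + ":" + ldPreload` is only the base name of a file globbed under `realBrowserHome`, so inside the sandbox the loader resolves it through its library search path rather than to the file that was matched. That presumably relies on the search path being set elsewhere in RunTorBrowser, outside this hunk, and deserves a comment such as `// Bare name on purpose: resolved via the in-sandbox library search path, not realBrowserHome.` When several files match, `matches[0]` is taken without any log line; logging the chosen name would make the hardened launch easier to audit. When nothing matches, the browser still starts with only the stub preloaded, and the message prints `'libasan.so.*'` while the pattern is `libasan.so*`. The pattern could also be built without string concatenation: `filepath.Join(realBrowserHome, "TorBrowser", "Tor", "libasan.so*")`.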
 
