commit 09b66528f6013c0ca5ee9be20ad91cadb3e901aa
Author: Yawning Angel <[email protected]>
Date:   Mon Nov 28 08:22:03 2016 +0000

    Bug #20773: Mount `/proc` in the tor container for hardened.
    
    Asan requires `/proc/self/maps` to run.  Fun fun fun.
---
 src/cmd/sandboxed-tor-browser/internal/sandbox/application.go | 9 +++++++--
 src/cmd/sandboxed-tor-browser/internal/ui/ui.go               | 2 +-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go 
b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index 22c43ee..26baeef 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -441,7 +441,7 @@ func stageUpdate(updateDir, installDir string, mar []byte) 
error {
 }
 
 // RunTor launches sandboxeed Tor.
-func RunTor(cfg *config.Config, torrc []byte) (cmd *exec.Cmd, err error) {
+func RunTor(cfg *config.Config, manif *config.Manifest, torrc []byte) (cmd 
*exec.Cmd, err error) {
        defer func() {
                if r := recover(); r != nil {
                        err = fmt.Errorf("%v", r)
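Review bot: The new `manif` parameter is dereferenced later in RunTor (`manif.Channel`, in the next hunk) with no nil check, so a nil manifest would be caught by the deferred `recover()` shown here and returned as an opaque runtime-error string via `fmt.Errorf("%v", r)`. An explicit guard at the top, `if manif == nil { return nil, fmt.Errorf("sandbox: RunTor called without a manifest") }`, would fail with a clear message. Whether `c.Manif` can be nil at the launchTor call site in ui.go is not visible in this diff. The doc comment should also mention the new parameter and fix the typo, e.g. `// RunTor launches sandboxed Tor; manif.Channel decides whether /proc is mounted in the container.` The function body continues outside this hunk.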
@@ -473,8 +473,13 @@ func RunTor(cfg *config.Config, torrc []byte) (cmd 
*exec.Cmd, err error) {
        // `/proc/sys/net/core/somaxconn` - obfs4proxy, Go runtime uses this to
        //    determine listener backlog, but will default to `128` on errors.
        //
+       // Hardened builds are special cased because asan crashes the binary
+       // if it can't read `/proc/self/maps`.
+       //
        // See: https://bugs.torproject.org/20773
-       h.mountProc = false
+       if manif.Channel != "hardened" {
+               h.mountProc = false
+       }
 
        if err = os.MkdirAll(cfg.TorDataDir, DirMode); err != nil {
                return
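Review bot: The added `if manif.Channel != "hardened"` only ever clears `h.mountProc`, so the hardened case relies on the field's default being true, and that default is set outside this hunk. Assigning it directly, `h.mountProc = manif.Channel == "hardened"`, keeps the decision about procfs exposure in one visible place and stays correct if the default changes. The new comment explains why asan needs `/proc/self/maps` but not what it costs: hardened-channel users get a full `/proc` inside the tor container, which the surrounding comment block appears to justify withholding on other channels. It is worth recording this as a deliberate weakening, e.g. `// NOTE: hardened exposes all of /proc to tor; revisit if asan can be satisfied with less.` RunTor starts and ends outside this hunk.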
diff --git a/src/cmd/sandboxed-tor-browser/internal/ui/ui.go 
b/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
index 80588de..b2ca8ee 100644
--- a/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
+++ b/src/cmd/sandboxed-tor-browser/internal/ui/ui.go
@@ -282,7 +282,7 @@ func (c *Common) launchTor(async *Async, onlySystem bool) 
(dialFunc, error) {
                os.Remove(filepath.Join(c.Cfg.TorDataDir, "control_port"))
 
                async.UpdateProgress("Launching Tor executable.")
-               cmd, err := sandbox.RunTor(c.Cfg, torrc)
+               cmd, err := sandbox.RunTor(c.Cfg, c.Manif, torrc)
                if err != nil {
                        async.Err = err
                        return nil, err
