commit 1c528cc4610f4609b3df4244e9ddacb2ef2cfda0
Author: Yawning Angel <[email protected]>
Date:   Sun Jun 25 05:01:58 2017 +0000

    Remove the undocumented command line options that enable unsafe behavior.
    
    "We are not believers in buttons.  Knobs are for knobs." -- Theo
---
 ChangeLog                                             |  1 +
 .../internal/sandbox/application.go                   | 13 +++----------
 .../sandboxed-tor-browser/internal/sandbox/x11/x11.go | 19 ++++---------------
 3 files changed, 8 insertions(+), 25 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 742153f..69b4a5f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 Changes in version 0.0.9 - UNRELEASED:
  * Fix the build being broken on Debian Jessie due to #22648.
+ * Remove the undocumented command line options that enable unsafe behavior.
 
 Changes in version 0.0.8 - 2017-06-19:
  * Bug 20776: Remove the X11 `MIT-SHM` workaround from the stub.
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go 
b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index 61722c1..f66c1ba 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -20,7 +20,6 @@ package sandbox
 
 import (
        "bytes"
-       "flag"
        "fmt"
        "io/ioutil"
        "log"
@@ -41,10 +40,7 @@ import (
 
 const restrictedLibDir = "/usr/lib"
 
-var (
-       distributionDependentLibSearchPath []string
-       allowGstreamer                     bool
-)
+var distributionDependentLibSearchPath []string
 
 // RunTorBrowser launches sandboxed Tor Browser.
 func RunTorBrowser(cfg *config.Config, manif *config.Manifest, tor *tor.Tor) 
(process *Process, err error) {
@@ -322,10 +318,9 @@ func filterCodecs(fn string, allowFfmpeg bool) error {
                "libgstapp",
                "libgstvideo",
        }
-       if allowGstreamer && allowFfmpeg {
+       if allowFfmpeg {
                codecPrefixes = []string{}
-       }
-       if !allowFfmpeg {
+       } else if !allowFfmpeg {
                codecPrefixes = append(codecPrefixes, "libavcodec")
        }
 
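Review bot: With `allowGstreamer` gone, the new `if allowFfmpeg` branch in filterCodecs empties `codecPrefixes` whenever ffmpeg is allowed, so the `libgstapp`/`libgstvideo` entries shown above are no longer filtered in that case. Before this change that only happened when `-allow-gstreamer` was also set. If the intent is to remove the unsafe option rather than make its effect the default whenever ffmpeg is allowed, drop the branch and keep only `if !allowFfmpeg { codecPrefixes = append(codecPrefixes, "libavcodec") }`. If the branch is kept, `else if !allowFfmpeg` is redundant and should be a plain `else`. The start of the prefix list and the code that consumes it are outside this hunk, so the effect on the filtered library set should be confirmed there.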
@@ -874,6 +869,4 @@ func init() {
        }
 
        distributionDependentLibSearchPath = searchPaths
-
-       flag.BoolVar(&allowGstreamer, "allow-gstreamer", false, "Don't 
blacklist gstreamer libraries.")
 }
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/x11/x11.go 
b/src/cmd/sandboxed-tor-browser/internal/sandbox/x11/x11.go
index 908bedd..15960fb 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/x11/x11.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/x11/x11.go
@@ -20,7 +20,6 @@ package x11
 
 import (
        "encoding/binary"
-       "flag"
        "fmt"
        "io/ioutil"
        "os"
@@ -31,8 +30,6 @@ import (
        . "cmd/sandboxed-tor-browser/internal/utils"
 )
 
-var disableX11Filter bool
-
 const SockDir = "/tmp/.X11-unix"
 
 func craftAuthority(hugboxHostname, realDisplay string) ([]byte, error) {
@@ -186,15 +183,11 @@ func (x *SandboxedX11) Socket() string {
 
 func (x *SandboxedX11) LaunchSurrogate() error {
        // Launch the surrogate unless disabled.
-       if !disableX11Filter {
-               Debugf("sandbox: X11: Launching surrogate")
+       Debugf("sandbox: X11: Launching surrogate")
 
-               var err error
-               if x.Surrogate, err = launchSurrogate(x.hSock, x.pSock, 
x.hDisplay); err != nil {
-                       return err
-               }
-       } else {
-               Debugf("sandbox: X11: Direct bind-mounting X11 (UNSAFE)")
+       var err error
+       if x.Surrogate, err = launchSurrogate(x.hSock, x.pSock, x.hDisplay); 
err != nil {
+               return err
        }
        x.launched = true
        return nil
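Review bot: The comment `// Launch the surrogate unless disabled.` at the top of LaunchSurrogate is stale, because the `disableX11Filter` branch is gone and the surrogate is now launched unconditionally. Replace it with a doc comment on the exported method, for example `// LaunchSurrogate starts the X11 surrogate and stores it in x.Surrogate.`, so a later reader does not go looking for a bypass that no longer exists. The method's closing brace is outside the hunk.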
@@ -243,7 +236,3 @@ func New(display, hostname, pSock string) (*SandboxedX11, 
error) {
 
        return x, nil
 }
-
-func init() {
-       flag.BoolVar(&disableX11Filter, "disable-X11-filter", false, "Use X11 
directly (Unsafe)")
-}
