Merge pull request #70450 from joachifm/feat/tor-browser-hardened-alloc

tor-browser-bundle-bin: use hardened allocator
This commit is contained in:
Joachim F 2019-10-12 07:25:22 +00:00 committed by GitHub
commit 690f986c0f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -44,6 +44,10 @@
, shared-mime-info
, gsettings-desktop-schemas
# Hardening
, graphene-hardened-malloc
, useHardenedMalloc ? graphene-hardened-malloc != null && builtins.elem stdenv.system graphene-hardened-malloc.meta.platforms
# Whether to disable multiprocess support to work around crashing tabs
# TODO: fix the underlying problem instead of this terrible work-around
, disableContentSandbox ? true
@ -245,6 +249,9 @@ stdenv.mkDerivation rec {
GeoIPv6File $TBB_IN_STORE/TorBrowser/Data/Tor/geoip6
EOF
WRAPPER_LD_PRELOAD=${optionalString useHardenedMalloc
"${graphene-hardened-malloc}/lib/libhardened_malloc.so"}
WRAPPER_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [
gnome3.adwaita-icon-theme
shared-mime-info
@ -327,6 +334,8 @@ stdenv.mkDerivation rec {
#
# XDG_DATA_DIRS is set to prevent searching system dirs (looking for .desktop & icons)
exec env -i \
LD_PRELOAD=$WRAPPER_LD_PRELOAD \
\
TZ=":" \
TZDIR="\''${TZDIR:-}" \
LOCALE_ARCHIVE="\$LOCALE_ARCHIVE" \