nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-29 10:23:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

tor-browser-bundle-bin: use hardened allocator

Browse Source
This commit is contained in:
Joachim Fasting 2019-09-24 10:28:37 +02:00
parent 2436c27541
commit bd78aa0d9f
No known key found for this signature in database
GPG Key ID: 5C204DF675C90294
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
View File

@ -44,6 +44,10 @@
, shared-mime-info , shared-mime-info
, gsettings-desktop-schemas , gsettings-desktop-schemas
# Hardening
, graphene-hardened-malloc
, useHardenedMalloc ? graphene-hardened-malloc != null && builtins.elem stdenv.system graphene-hardened-malloc.meta.platforms
# Whether to disable multiprocess support to work around crashing tabs # Whether to disable multiprocess support to work around crashing tabs
# TODO: fix the underlying problem instead of this terrible work-around # TODO: fix the underlying problem instead of this terrible work-around
, disableContentSandbox ? true , disableContentSandbox ? true
@ -245,6 +249,9 @@ stdenv.mkDerivation rec {
GeoIPv6File $TBB_IN_STORE/TorBrowser/Data/Tor/geoip6 GeoIPv6File $TBB_IN_STORE/TorBrowser/Data/Tor/geoip6
EOF EOF
WRAPPER_LD_PRELOAD=${optionalString useHardenedMalloc
"${graphene-hardened-malloc}/lib/libhardened_malloc.so"}
WRAPPER_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [ WRAPPER_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [
gnome3.adwaita-icon-theme gnome3.adwaita-icon-theme
shared-mime-info shared-mime-info
@ -327,6 +334,8 @@ stdenv.mkDerivation rec {
# #
# XDG_DATA_DIRS is set to prevent searching system dirs (looking for .desktop & icons) # XDG_DATA_DIRS is set to prevent searching system dirs (looking for .desktop & icons)
exec env -i \ exec env -i \
LD_PRELOAD=$WRAPPER_LD_PRELOAD \
\
TZ=":" \ TZ=":" \
TZDIR="\''${TZDIR:-}" \ TZDIR="\''${TZDIR:-}" \
LOCALE_ARCHIVE="\$LOCALE_ARCHIVE" \ LOCALE_ARCHIVE="\$LOCALE_ARCHIVE" \