tor-browser-bundle-bin: Enable content sandbox and hardened malloc

Tor browser enables multi-process support in firefox to sandbox each site
in its own process. This is a very important security feature. It was
disabled in the nixpkgs version, according to a comment due to "crashing
tabs", but running with it enabled I have not been able to recreate this.
Sandboxing enabled is the upstream default, and if we can't ship a tor
browser that way then we should not ship one at all.

Also re-enable useHardenedMalloc to use graphene-hardened-malloc. Here
there was also a comment, in this case saying it caused "crashes with
intel driver". I have also been unable to recreate this on my Intel
UHD P630 onboard graphics.

I believe neither of these are issues any longer.
This commit is contained in:
Davíð Steinn Geirsson 2021-11-04 23:10:37 +00:00
parent 51289b6b65
commit 5499f32f08

View File

@ -43,12 +43,11 @@
# Hardening
, graphene-hardened-malloc
# crashes with intel driver
, useHardenedMalloc ? false
# Whether to use graphene-hardened-malloc
, useHardenedMalloc ? true
# Whether to disable multiprocess support to work around crashing tabs
# TODO: fix the underlying problem instead of this terrible work-around
, disableContentSandbox ? true
# Whether to disable multiprocess support
, disableContentSandbox ? false
# Extra preferences
, extraPrefs ? ""