tor-browser-bundle-bin: Enable content sandbox and hardened malloc
Tor browser enables multi-process support in firefox to sandbox each site in its own process. This is a very important security feature. It was disabled in the nixpkgs version, according to a comment due to "crashing tabs", but running with it enabled I have not been able to recreate this. Sandboxing enabled is the upstream default, and if we can't ship a tor browser that way then we should not ship one at all. Also re-enable useHardenedMalloc to use graphene-hardened-malloc. Here there was also a comment, in this case saying it caused "crashes with intel driver". I have also been unable to recreate this on my Intel UHD P630 onboard graphics. I believe neither of these are issues any longer.
This commit is contained in:
parent
51289b6b65
commit
5499f32f08
@ -43,12 +43,11 @@
|
||||
|
||||
# Hardening
|
||||
, graphene-hardened-malloc
|
||||
# crashes with intel driver
|
||||
, useHardenedMalloc ? false
|
||||
# Whether to use graphene-hardened-malloc
|
||||
, useHardenedMalloc ? true
|
||||
|
||||
# Whether to disable multiprocess support to work around crashing tabs
|
||||
# TODO: fix the underlying problem instead of this terrible work-around
|
||||
, disableContentSandbox ? true
|
||||
# Whether to disable multiprocess support
|
||||
, disableContentSandbox ? false
|
||||
|
||||
# Extra preferences
|
||||
, extraPrefs ? ""
|
||||
|
Loading…
Reference in New Issue
Block a user