Merge pull request #70450 from joachifm/feat/tor-browser-hardened-alloc
tor-browser-bundle-bin: use hardened allocator
commit
690f986c0f
@ -44,6 +44,10 @@
|
||||
, shared-mime-info
|
||||
, gsettings-desktop-schemas
|
||||
|
||||
# Hardening
|
||||
, graphene-hardened-malloc
|
||||
, useHardenedMalloc ? graphene-hardened-malloc != null && builtins.elem stdenv.system graphene-hardened-malloc.meta.platforms
|
||||
|
||||
# Whether to disable multiprocess support to work around crashing tabs
|
||||
# TODO: fix the underlying problem instead of this terrible work-around
|
||||
, disableContentSandbox ? true
|
||||
@ -245,6 +249,9 @@ stdenv.mkDerivation rec {
|
||||
GeoIPv6File $TBB_IN_STORE/TorBrowser/Data/Tor/geoip6
|
||||
EOF
|
||||
|
||||
WRAPPER_LD_PRELOAD=${optionalString useHardenedMalloc
|
||||
"${graphene-hardened-malloc}/lib/libhardened_malloc.so"}
|
||||
|
||||
WRAPPER_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [
|
||||
gnome3.adwaita-icon-theme
|
||||
shared-mime-info
|
||||
@ -327,6 +334,8 @@ stdenv.mkDerivation rec {
|
||||
#
|
||||
# XDG_DATA_DIRS is set to prevent searching system dirs (looking for .desktop & icons)
|
||||
exec env -i \
|
||||
LD_PRELOAD=$WRAPPER_LD_PRELOAD \
|
||||
\
|
||||
TZ=":" \
|
||||
TZDIR="\''${TZDIR:-}" \
|
||||
LOCALE_ARCHIVE="\$LOCALE_ARCHIVE" \
|
||||
|
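Review bot: The new `LD_PRELOAD=$WRAPPER_LD_PRELOAD` line in the `exec env -i` wrapper (third hunk) has no entry in the comment block above it, unlike XDG_DATA_DIRS, and the `useHardenedMalloc` argument in the first hunk is documented only by `# Hardening`. Because the default is computed from `graphene-hardened-malloc.meta.platforms`, on an unsupported system the option evaluates to false and `optionalString` yields an empty string, so the wrapper appears to be emitted with an empty `LD_PRELOAD=` and nothing at build time or run time says the allocator is absent. I would add `# Whether to preload graphene-hardened-malloc; defaults to off on platforms the allocator does not support` above the argument, and `# LD_PRELOAD injects the hardened allocator when useHardenedMalloc is set, and is empty otherwise` to the wrapper's comment block. The preload is presumably inherited by every process the wrapper starts, which is worth stating in that comment as well. The wrapper script and the mkDerivation body both continue outside these hunks.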