MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-18 07:46:09 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

tor-browser-bundle-bin: Enable content sandbox and hardened malloc

Browse source 
Tor browser enables multi-process support in firefox to sandbox each site
in its own process. This is a very important security feature. It was
disabled in the nixpkgs version, according to a comment due to "crashing
tabs", but running with it enabled I have not been able to recreate this.
Sandboxing enabled is the upstream default, and if we can't ship a tor
browser that way then we should not ship one at all.

Also re-enable useHardenedMalloc to use graphene-hardened-malloc. Here
there was also a comment, in this case saying it caused "crashes with
intel driver". I have also been unable to recreate this on my Intel
UHD P630 onboard graphics.

I believe neither of these are issues any longer.
This commit is contained in:
Davíð Steinn Geirsson 2021-11-04 23:10:37 +00:00
parent 51289b6b65
commit 5499f32f08
1 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
View file

@ -43,12 +43,11 @@
# Hardening
, graphene-hardened-malloc
# crashes with intel driver
, useHardenedMalloc ? false
# Whether to use graphene-hardened-malloc
, useHardenedMalloc ? true
# Whether to disable multiprocess support to work around crashing tabs
# TODO: fix the underlying problem instead of this terrible work-around
, disableContentSandbox ? true
# Whether to disable multiprocess support
, disableContentSandbox ? false
# Extra preferences
, extraPrefs ? ""