[tor-commits] [sandboxed-tor-browser/master] Keep the PaX attributes around, regardless of browser version.
yawning at torproject.org
Tue Dec 20 08:26:02 UTC 2016
commit ff38c2a7695e27bf164569a1b34387449a78f285
Author: Yawning Angel <yawning at schwanenlied.me>
Date: Tue Dec 20 08:24:53 2016 +0000
Keep the PaX attributes around, regardless of browser version.
This won't work even with ESR52, and will probably require a JIT rewrite
because of the way the JIT expects to be able to modify mapping
permissions.
---
ChangeLog | 5 ++---
src/cmd/sandboxed-tor-browser/internal/sandbox/application.go | 6 ++----
2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9128892..1d9cb6f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,9 +13,8 @@ Changes in version 0.0.3 - UNRELEASED:
* Include the git revision as a static asset, and display it as part of
the `--version` output.
* Fix a nil pointer deref on SIGINT received durring bootstrap.
- * Per the browser developers, the initial 7.0 alpha builds will not be ESR52
- based, with a switch mid-alpha series, so keep the Grsec PaX override
- around till 7.0.0 release.
+ * Don't remove the PaX overrides ever, because until the JIT gets rewritten
+ Firefox won't play nice with MPROTECT.
Changes in version 0.0.2 - 2016-12-10:
* Bug #20780: Shuffle and persist the ordering of internal bridges.
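Review bot: The added entry's "Don't remove the PaX overrides ever" is broader than what the code change does, since the application.go hunk still strips the attribute when `!IsGrsecKernel()`. Wording such as "On grsec kernels, keep the PaX overrides regardless of bundle version" would match the behaviour. It would also help to name the replaced 7.0.0 cut-off, so that readers of the earlier entry can see the plan was dropped rather than postponed.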
diff --git a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
index 9df10e6..4cff1c7 100644
--- a/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
+++ b/src/cmd/sandboxed-tor-browser/internal/sandbox/application.go
@@ -337,10 +337,8 @@ func applyPaXAttributes(manif *config.Manifest, f string) error {
sz, _ := syscall.Getxattr(f, paxAttr, nil)
- // Strip off the attribute if this is a non-grsec kernel, or the bundle is
- // sufficiently recent to the point where the required W^X fixes are present
- // in the JIT.
- if !IsGrsecKernel() || manif.BundleVersionAtLeast("7.0.0") {
+ // Strip off the attribute if this is a non-grsec kernel.
+ if !IsGrsecKernel() {
if sz > 0 {
log.Printf("sandbox: Removing Tor Browser PaX attributes.")
syscall.Removexattr(f, paxAttr)
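Review bot: The new comment above `if !IsGrsecKernel() {` no longer says why the bundle version is ignored, and that reason now lives only in the commit message and ChangeLog. One line here noting that the JIT is not expected to work under MPROTECT in any current bundle would discourage someone from reintroducing the `manif.BundleVersionAtLeast(...)` gate. If `manif` is not used elsewhere in `applyPaXAttributes`, the parameter can be dropped as well. Separately, in the unchanged context the errors from `syscall.Getxattr` and `syscall.Removexattr` are discarded, so the "Removing Tor Browser PaX attributes" log line is printed even when removal fails. Logging the returned error would make that case visible.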