Opened 3 years ago

Last modified 3 years ago

#20884 new defect

Tor Browser requires D-Bus' /etc/machine-id on Arch Linux

Reported by: robotanarchy Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Hello Tor developers,

I have been playing with firejail to harden the Tor Browser on Arch Linux. And I've noticed, that when creating a private /etc folder with only the minimal required files, the file /etc/machine-id is necessary or the Firefox in Tor Browser will segfault.

http://0pointer.de/public/systemd-man/machine-id.html

The machine ID is usually generated from a random source during system installation and stays constant for all subsequent boots.

This could be a potential issue, when tor browser gets exploited and someone can uniquely identify the host machine with that ID.

Maybe it would be feasible to build Firefox without the D-Bus dependency on Linux to solve this?

Related firejail ticket:
https://github.com/netblue30/firejail/issues/955

Thanks for making Tor!

Child Tickets

Change History (1)

comment:1 Changed 3 years ago by yawning

Oh hey, I ran into this a while ago.

It depends on what causes firefox to assert on D-Bus not being available. Disabling everything that uses D-Bus all together is likely out of the question because it breaks things that users actually need like I-Bus.

For what it's worth, the file just needs to be present and "well formed" to get past the assert, as long as you don't actually care about D-Bus. My sandbox monstrosity uses 000102030405060708090a0b0c0d0e0f under the thought that a unique ID that's common to all sandbox users is fine, since it's blatantly obvious that the sandbox is present.

Note: See TracTickets for help on using tickets.