[tor-commits] [Git][tpo/applications/tor-browser-build][maint-13.0] Bug 41050: Improve disk leak sanitization on startup.

Tue, 19 Dec 2023 08:15:51 -0800 


ma1 pushed to branch maint-13.0 at The Tor Project / Applications / 
tor-browser-build


Commits:
8ebeb4d1 by hackademix at 2023-12-19T17:15:07+01:00
Bug 41050: Improve disk leak sanitization on startup.

- - - - -


1 changed file:

- projects/browser/RelativeLink/start-browser


Changes:

=====================================
projects/browser/RelativeLink/start-browser
=====================================
@@ -258,18 +258,32 @@ HOME="${PWD}"
 export HOME
 
 # Prevent disk leaks in $HOME/.local/share (tor-browser#17560)
+function erase_leaky() {
+       local leaky="$1"
+       [ -e "$leaky" ] &&
+       ( srm -r "$leaky" ||
+         wipe -r "$leaky" ||
+         find "$leaky" -type f -exec shred -u {} \; ;
+         rm -rf "$leaky"
+       ) > /dev/null 2>&1
+}
 local_dir="$HOME/.local/"
 share_dir="$local_dir/share"
-if [ -d "$share_dir" ]; then
-    ( srm -r "$share_dir" ||
-      wipe -r "$share_dir" ||
-      find "$share_dir" -type f -exec shred -u {} \; ;
-      rm -rf "$share_dir"
-    ) > /dev/null 2>&1
-else
-    mkdir -p "$local_dir"
+# We don't want to mess with symlinks, possibly pointing outside the
+# Browser directory (tor-browser-build#41050).
+# We're not using realpath/readlink for consistency with the (possibly
+# outdated) availability assumptions made elsewhere in this script.
+if ! [ -L "$local_dir" -o -L "$share_dir" ]; then
+       if [ -d "$share_dir" ]; then
+               for leaky_path in "gvfs-metadata" "recently-used.xbel"; do
+                       erase_leaky "$share_dir/$leaky_path"
+               done
+       else
+               mkdir -p "$local_dir"
+       fi
+       ln -fs /dev/null "$share_dir"
 fi
-ln -fs /dev/null "$share_dir"
+[ -L "$HOME/.cache" ] || erase_leaky "$HOME/.cache/nvidia"
 
 [% IF c("var/tor-browser") -%]
 SYSARCHITECTURE=$(getconf LONG_BIT)



View it on GitLab: 
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8ebeb4d1651dfbd73d96df293e115835ccf7de83

-- 
View it on GitLab: 
https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/commit/8ebeb4d1651dfbd73d96df293e115835ccf7de83
You're receiving this email because of your account on gitlab.torproject.org.



_______________________________________________
tor-commits mailing list
tor-commits@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Reply via email to