Diffstat (limited to 'nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix')
-rw-r--r--nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix9
1 files changed, 9 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix b/nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
index 563c0e751c8..5dfda424acf 100644
--- a/nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
+++ b/nixpkgs/pkgs/applications/networking/browsers/tor-browser-bundle-bin/default.nix
@@ -44,6 +44,10 @@
, shared-mime-info
, gsettings-desktop-schemas
+# Hardening
+, graphene-hardened-malloc
+, useHardenedMalloc ? graphene-hardened-malloc != null && builtins.elem stdenv.system graphene-hardened-malloc.meta.platforms
+
# Whether to disable multiprocess support to work around crashing tabs
# TODO: fix the underlying problem instead of this terrible work-around
, disableContentSandbox ? true
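Review bot: The `useHardenedMalloc` default silently evaluates to false on any platform missing from `graphene-hardened-malloc.meta.platforms`, and the bare `# Hardening` comment does not say so. I would spell that out, for example `# Preload hardened_malloc into the browser; defaults to off where the allocator is unsupported`, so a user on such a platform knows the bundle runs with the stock allocator. As a style point, nixpkgs generally prefers `stdenv.hostPlatform.system` over `stdenv.system` for this kind of platform check.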
@@ -245,6 +249,9 @@ stdenv.mkDerivation rec {
GeoIPv6File $TBB_IN_STORE/TorBrowser/Data/Tor/geoip6
EOF
+ WRAPPER_LD_PRELOAD=${optionalString useHardenedMalloc
+ "${graphene-hardened-malloc}/lib/libhardened_malloc.so"}
+
WRAPPER_XDG_DATA_DIRS=${concatMapStringsSep ":" (x: "${x}/share") [
gnome3.adwaita-icon-theme
shared-mime-info
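Review bot: The library path `${graphene-hardened-malloc}/lib/libhardened_malloc.so` is written into `WRAPPER_LD_PRELOAD` without checking that the file exists. If the package ever changes its output layout or library name, the dynamic loader only prints a warning for an unloadable preload object and carries on, so the hardening would fail open at runtime. A build-time guard right after the assignment, such as `[ -z "$WRAPPER_LD_PRELOAD" ] || [ -e "$WRAPPER_LD_PRELOAD" ] || exit 1`, would turn that into a build failure. The surrounding install phase starts and ends outside this hunk.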
@@ -327,6 +334,8 @@ stdenv.mkDerivation rec {
#
# XDG_DATA_DIRS is set to prevent searching system dirs (looking for .desktop & icons)
exec env -i \
+ LD_PRELOAD=$WRAPPER_LD_PRELOAD \
+ \
TZ=":" \
TZDIR="\''${TZDIR:-}" \
LOCALE_ARCHIVE="\$LOCALE_ARCHIVE" \
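Review bot: The added `LD_PRELOAD=$WRAPPER_LD_PRELOAD` is the only variable in this `env -i` list without a rationale in the comment block above, which explains the others (for example XDG_DATA_DIRS). Something like `# LD_PRELOAD loads hardened_malloc when useHardenedMalloc is set (empty otherwise); it is inherited by every process the browser spawns` would fit there. That inheritance is worth stating because any helper the browser launches, presumably including the bundled tor daemon, will also run under the replacement allocator. For consistency with the neighbouring assignments the value could be quoted, `LD_PRELOAD="$WRAPPER_LD_PRELOAD" \`. The wrapper script continues past the end of this hunk.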