[PR #2915] [MERGED] tighten private-bin and etc for torbrowser-launcher.profile #4582

Closed
opened 2026-05-05 10:22:50 -06:00 by gitea-mirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/2915
Author: @corecontingency
Created: 8/17/2019
Status: Merged
Merged: 8/18/2019
Merged by: @netblue30

Base: master ← Head: master


📝 Commits (1)

  • 6051def tighten private-bin and etc for torbrowser-launcher.profile

📊 Changes

1 file changed (+2 additions, -2 deletions)


📝 etc/torbrowser-launcher.profile (+2 -2)

📄 Description

Tor Browser occupies a very interesting space with firejail, as ideally we would not only want to prevent further system compromise, but also to prevent further de-anonymization (beyond your ip address, which I assume is trivially easy to get if Tor Browser is compromised, regardless of firejail).

To aid in this, Tor Browser should not be able to gain access to the name of the user, and the name of the home directory. As such,

  • id can expose the user name
  • pwd can expose the name of the host directory
  • readlink can expose the name of the host directory
  • realpath can expose the name of the host directory

should be removed from private-bin.

Ideally, Tor Browser should not be able to access env (also can leak user name and name of host directory), but the program will not work if it is removed (cannot access $PATH), so that is a task for another day. However, getconf is not necessary, and can leak environment variables, so that has been removed from private-bin.

hosts and hostname should be removed from private-etc, as they can leak the name of the user.

This change has been tested on Fedora 30/GNOME and Arch Linux/KDE, and works fine on both, using torbrowser-launcher (from repository) and AUR version, respectively. Used firejail compiled from master for testing.

It is possible to remove far more, for instance, on my computer (Arch/KDE) I am running:

private-bin bash,cp,dirname,env,expr,file,grep,ln,mkdir,python*,rm,sh,tor-browser,tor-browser-en,torbrowser-launcher,xz
private-etc machine-id

However, I decided to err on the side of caution for general use.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
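The checks described in this PR, as an added shell example that is not code from the firejail project or from the PR author: it scans profile lines for the private-bin binaries (id, pwd, readlink, realpath, getconf) and private-etc entries (hosts, hostname) the description names as leak-prone and prints a tightened form of each affected line. The sample profile lines at the end are constructed, not the real torbrowser-launcher.profile.

```shell
#!/bin/sh
# Added example, not firejail project code: audit private-bin / private-etc
# lines of a firejail profile for the entries the PR description names as able
# to reveal the user name, the home directory name or environment variables.
# The two lists are taken from the PR text and are not exhaustive.

# Binaries the PR names: id (user name), pwd/readlink/realpath (home directory
# name), getconf (environment variables). Padded with spaces for whole-word match.
RISKY_BIN=" id pwd readlink realpath getconf "
# /etc entries the PR names as able to leak the user name.
RISKY_ETC=" hosts hostname "

# tighten_line LINE: print LINE with leak-prone entries removed if it is a
# private-bin or private-etc directive, otherwise print it unchanged.
# Entries are matched whole, so glob entries such as python* are kept.
tighten_line() {
    _key=${1%% *}
    _list=${1#* }
    case "$_key" in
        private-bin) _risky=$RISKY_BIN ;;
        private-etc) _risky=$RISKY_ETC ;;
        *) printf '%s\n' "$1"; return 0 ;;
    esac
    [ "$_list" != "$1" ] || { printf '%s\n' "$1"; return 0; }  # no list given
    _out=$(printf '%s\n' "$_list" | tr ',' '\n' | while IFS= read -r _e; do
        [ -n "$_e" ] || continue          # skip empty entries (stray commas)
        case "$_risky" in
            *" $_e "*) ;;                 # named as leak-prone: drop it
            *) printf '%s,' "$_e" ;;      # anything else is kept as-is
        esac
    done)
    printf '%s %s\n' "$_key" "${_out%,}"
}

# audit_profile: read a profile on stdin and report each private-bin or
# private-etc line the rules above would change. Prints nothing if clean.
audit_profile() {
    while IFS= read -r _line; do
        case "$_line" in
            private-bin\ *|private-etc\ *)
                _new=$(tighten_line "$_line")
                [ "$_new" = "$_line" ] || printf 'was: %s\nnow: %s\n' "$_line" "$_new" ;;
        esac
    done
}

# Constructed sample profile lines for a stand-alone run (not the real file).
audit_profile <<'EOF'
private-bin bash,env,id,pwd,python*,readlink,realpath,getconf,sh
private-etc hosts,hostname,machine-id
noblacklist ${HOME}/.tor
EOF
```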

Reference: github-starred/firejail#4582