authorintrigeri <intrigeri@boum.org>2015-05-11 11:48:17 +0000
committerintrigeri <intrigeri@boum.org>2015-05-11 11:48:17 +0000
commit654fdcb010e98f48406b79898a7e4fde5a5b5be5 (patch)
tree0b51ba3f5b05a0fd42122ca7fd9caa2c74dc6e6c
parent3d56fe48ff25d04015b4765ce5b3186ceb81e615 (diff)
parent39fa70c66feb8e6dac3f6f79ef2a7aebbf523a80 (diff)
Merge branch 'bugfix/9370-AppArmor-hardening-Pidgin' into testing
Fix-committed: #9370
-rwxr-xr-xconfig/chroot_local-includes/usr/local/bin/tor-browser6
1 files changed, 6 insertions, 0 deletions
diff --git a/config/chroot_local-includes/usr/local/bin/tor-browser b/config/chroot_local-includes/usr/local/bin/tor-browser
index 09b2b2a..80200a3 100755
--- a/config/chroot_local-includes/usr/local/bin/tor-browser
+++ b/config/chroot_local-includes/usr/local/bin/tor-browser
@@ -1,5 +1,11 @@
#!/bin/sh
+# AppArmor Ux rules don't sanitize $PATH, which can lead to an
+# exploited application (that's allowed to run this script unconfined)
+# having this script run arbitrary code, violating that application's
+# confinement. Let's prevent that by setting PATH to a list of
+# directories where only root can write.
+export PATH='/usr/local/bin:/usr/bin:/bin'
# Do not "set -u", else importing gettext.sh dies
# with "ZSH_VERSION: parameter not set".