
Don't grant full D-Bus session bus access

This very broad access was added in e049fdcc without a clear description of what problem it fixed. It's very broad and dangerous, as in: it probably allows an adversary who took control of the browser to escape the sandbox in a variety of ways.

Instead, let's only allow access to the bus itself. Once we have bug reports that help us understand which additional permissions may be needed, we can reconsider. E.g. we can add fine-grained D-Bus mediation on systems that support it, or simply revert this commit if it turns out it's the best solution to a well-defined problem.

References:

Closes #23

Edited by intrigeri
