[Pkg-anonymity-tools] Bug#783922: Newest TBB does not start with provided AppArmor profile in enforce mode

Fabian Grünbichler fabian.gruenbichler at student.tuwien.ac.at
Fri May 1 09:51:06 UTC 2015 

Package: torbrowser-launcher
Version: 0.1.9-1
Severity: normal
Tags: upstream


Starting the TBB using "torbrowser-launcher" simply exits without any
error message. When run from a terminal, the following output is displayed:

-------------snip-------------

 Tor Browser Launcher
 By Micah Lee, licensed under MIT
 version 0.1.9
 https://github.com/micahflee/torbrowser-launcher
 Initializing Tor Browser Launcher
 Importing keys
 gpg: key 63FEE659: "Erinn Clark <erinn at torproject.org>" not changed
 gpg: Total number processed: 1
 gpg:              unchanged: 1
 gpg: key 93298290: "Tor Browser Developers (signing key)
<torbrowser at torproject.org>" not changed
 gpg: Total number processed: 1
 gpg:              unchanged: 1
 Starting launcher dialog
 LATEST VERSION 4.5
 Checked for update within 24 hours, skipping
 Latest version of TBB is installed, launching
 /usr/bin/env: error while loading shared libraries: cannot apply
additional memory protection after relocation: Permission denied

--------------snap-------------

AppArmor logs the following DENIED operation (once for every attempt to
start using torbrowser-launcher):

kernel: audit: type=1400 audit(1430470986.687:11317): apparmor="DENIED"
operation="file_mprotect"
profile="/home/*/.local/share/torbrowser/tbb/{i686,x86_64}/tor-browser_*/{Browser/,}start-tor-browser"
name="/usr/bin/env" pid=2014 comm="start-tor-brows" requested_mask="r"
denied_mask="r" fsuid=1000 ouid=0

Strangely, the exit code of torbrowser-launcher is 0.

Putting the AppArmor profile torbrowser.start-tor-browser into complain
mode "solves" the problem. The other profiles (for the bundled firefox,
tor and the torbrowser-launcher itself) are all in enforce mode without
problems.

It seems this was already reported upstream on
https://github.com/micahflee/torbrowser-launcher/issues/177

Thanks for your work on Tor and the Tor Browser!

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (510, 'unstable'), (500, 'stable-updates'), (500,
'stable'), (310, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages torbrowser-launcher depends on:
ii  gnupg            1.4.18-7
ii  python           2.7.9-1
ii  python-gtk2      2.24.0-4
ii  python-lzma      0.5.3-2+b1
ii  python-parsley   1.2-1
ii  python-psutil    2.1.1-1+b1
ii  python-twisted   14.0.2-3
ii  python-txsocksx  1.13.0.3-1
ii  tor              0.2.5.12-1
ii  wmctrl           1.07-7

torbrowser-launcher recommends no packages.

Versions of packages torbrowser-launcher suggests:
ii  apparmor       2.9.0-3
pn  python-pygame  <none>

-- no debconf information

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/attachments/20150501/d973dbc0/attachment.sig>

More information about the Pkg-anonymity-tools mailing list