github ChaoticSi1ence/SlimBrave-Neo v1.4.2
v1.4.2 - Fix CLI --reset bypass and Preferences mode regression
on GitHub

5 hours ago

Follow-up to v1.4.1. Two bugs were uncovered during real-world end-to-end validation of the v1.4.1 Chromium pref leak repair on Linux. Fixes are applied to both slimbrave-linux.py and slimbrave-mac.py.

What was wrong

1. CLI --reset skipped the v1.4.1 repair

cli_reset() only deleted /etc/brave/policies/managed/slimbrave.json and exited — it never invoked repair_brave_prefs(). Users running: 

sudo python3 slimbrave-linux.py --reset

…got a silently incomplete reset: the policy file was gone but the wildcard braveShields exceptions remained pinned in the user profile, leaving shields stuck off. The TUI Reset button (reset_policy()) was always wired correctly; only the non-interactive CLI path was missing the call.

2. Repair widened Preferences file mode 0600 → 0644

When repair_brave_prefs() rewrote the Preferences file, it routed through _atomic_write whose default mode is 0o644. Brave creates Preferences as 0o600, so every successful repair degraded the file's mode and made it world-readable on shared/multi-user systems. Preferences contains session state (cookies path, sync info, sign-in artifacts).

Fix

  • cli_reset() now calls repair_brave_prefs() after deleting the policy file and reports Cleaned N leaked profile prefs from Brave's user profile. when it scrubs anything. It also warns if Brave is still running (in-memory pref state can clobber the repair on next save).
  • repair_brave_prefs() captures the original mode via os.stat(pref_path).st_mode & 0o777 before the atomic write and passes it through, preserving 0o600 (or whatever the user's Preferences was originally set to).

Validation

End-to-end on openSUSE Tumbleweed + Brave 1.89.143, three independent paths:

Path Outcome
TUI Reset (reset_policy()) "removed 2 leaks", wildcards scrubbed, content intact, mode preserved
Direct repair_brave_prefs() call (2, False), same clean scrub, mode preserved
TUI Reset with live policy file Policy file deleted and wildcards scrubbed in one pass
CLI --reset (regression test for fix 1) "Cleaned 2 leaked profile prefs", wildcards scrubbed, mode preserved at 0600

Zero key-level diff vs the pre-test backup in every run — repair only touches the two SlimBrave-written wildcard patterns.

macOS

The macOS edits are byte-identical to the Linux ones (modulo the platform-specific _find_brave_prefs() branch). They compile cleanly but are unverified on real macOS hardware. Behavior should mirror Linux exactly.

Windows

The Windows side (SlimBrave.ps1) was patched separately by the Windows session and is not part of this release's diff.

File paths the repair touches

  • Linux: ~/.config/BraveSoftware/Brave-Browser/Default/Preferences
  • macOS: ~/Library/Application Support/BraveSoftware/Brave-Browser/Default/Preferences
Check out latest releases or
releases around ChaoticSi1ence/SlimBrave-Neo v1.4.2

Don't miss a new SlimBrave-Neo release

NewReleases is sending notifications on new releases.

Get notifications