Hi, FYI: oss-security lately had a posting with the title »Address Sanitizer local root« (<URL:http://www.openwall.com/lists/oss-security/2016/02/17/9>) The author showed that building a suid binary with ASan enables local root exploits. He also shows some other problems with this approach. In his posting he mentions the Tor Browser and recommends to not use the word »hardened«, because it is misleading. -- Jens Kubieziel http://www.kubieziel.de Vielleicht verdirbt Geld tatsächlich den Charakter. Auf keinen Fall aber macht ein Mangel an Geld ihn besser. Jonathan Swift
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev