[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure



On May 9, 2016 9:15 AM, "Daniel Simon" <ddanielsimonn@xxxxxxxxx> wrote:
>
> Hello.
>
> How it's currently done - The Tor Browser Bundle is dynamically linked
> against glibc.
>
> Security problem - The Tor Browser Bundle has the risk of information
> about the host system's library ecosystem leaking out onto the
> network.

So I'm not a libc expert, would you be willing to unpack this for me and explain what sorts of data can leak and how? It seems to me that it would require some high amount of attacker control - control of arguments to functions, inspecting memory layout, or code execution...

-tom

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev