Thus spake adrelanos (adrelanos@xxxxxxxxxx): > antispam06@xxxxxxx: > > On Mon, Sep 10, 2012, at 00:21, Fabio Pietrosanti (naif) wrote: > >> It would facilitate the inclusion of Tor in third party applications > >> that include/bundle/redistribute Tor, regardless of the Linux > >> Distribution. > > > > Sounds like a potential risk, the third party intervention. See the > > discussion about the other TorBrowser. > > I don't share your security concern. Using any third party application > is always a security risk. If they include a software library or binary > doesn't change much from that view. A software library might even add > advantages. My security concern would be around the absence of ASLR. It's my understanding that static binaries have less/no ASLR on most Linux distributions. For this reason, I think a dynamic binary+$LD_LIBRARY_PATH+shared libs is the best option for third party bundlers.. -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk