[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Distribution of Linux static tor binary?



Thus spake adrelanos (adrelanos@xxxxxxxxxx):

> antispam06@xxxxxxx:
> > On Mon, Sep 10, 2012, at 00:21, Fabio Pietrosanti (naif) wrote:
> >> It would facilitate the inclusion of Tor in third party applications
> >> that include/bundle/redistribute Tor, regardless of the Linux
> >> Distribution.
> > 
> > Sounds like a potential risk, the third party intervention. See the
> > discussion about the other TorBrowser.
> 
> I don't share your security concern. Using any third party application
> is always a security risk. If they include a software library or binary
> doesn't change much from that view. A software library might even add
> advantages.

My security concern would be around the absence of ASLR. It's my
understanding that static binaries have less/no ASLR on most Linux
distributions.

For this reason, I think a dynamic binary+$LD_LIBRARY_PATH+shared libs
is the best option for third party bundlers..

-- 
Mike Perry

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk