[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-dev] Analysis of ASan usage



Hi,

FYI:
oss-security lately had a posting with the title »Address Sanitizer
local root«
(<URL:http://www.openwall.com/lists/oss-security/2016/02/17/9>)
The author showed that building a suid binary with ASan enables local
root exploits. He also shows some other problems with this approach.

In his posting he mentions the Tor Browser and recommends to not use the
word »hardened«, because it is misleading.

-- 
Jens Kubieziel                                   http://www.kubieziel.de
Vielleicht verdirbt Geld tatsächlich den Charakter. Auf keinen Fall aber macht
ein Mangel an Geld ihn besser.                                  Jonathan Swift

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev