[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
From: Jessica Frazelle <me@xxxxxxxxxxxx>
Date: Sat, 29 Oct 2016 06:54:57 -0700
Cc: musl@xxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 29 Oct 2016 09:55:18 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jessfraz.com; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=e9723Ae43aklf52RaNQ/Eik6b93Of7EeSBLKW1WaqGQ=; b=AuZLpJHmWxebtydTWNloyRxodL8ODWWnZ7cDUsodk3XwrLUTZ6oqmyVj2Yr3xqy4ZN qQ3IQJqRg6BjThMH0NucmSbhzub5faE+lT9x55HsDID2ltvz9sEHzDH13mqGU0CDI4xs glVMplxqTaFeAkm4cPt8t7AAlgxVGSfXlvkao=
In-reply-to: <CAPWP2JNevbdXZwex+oU82uDn46u38fcmcBUaj0bqwo-Ry6---A@mail.gmail.com>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAPWP2JMcsTz2qh6xkYuRKj2M7=DF4cGM0DbO8GSWX930=SsqOg@mail.gmail.com> <CAPWP2JNevbdXZwex+oU82uDn46u38fcmcBUaj0bqwo-Ry6---A@mail.gmail.com>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>

There must already be a version of Tor working with musl since there are Alpine Linux packages for Tor. I'm sure they dynamically link but it's seems like patching that would be the way to go.

https://pkgs.alpinelinux.org/package/edge/community/x86_64/tor

On Oct 29, 2016 06:51, "Daniel Simon" <ddanielsimonn@xxxxxxxxx> wrote:

Anyone got further into this?
It would be a joint-project between musl and tor organizations.
Maybe for GSoC 2017 if nobody works on it until then?

On Mon, May 9, 2016 at 11:15 AM, Daniel Simon <ddanielsimonn@xxxxxxxxx> wrote:
> Hello.
>
> How it's currently done - The Tor Browser Bundle is dynamically linked
> against glibc.
>
> Security problem - The Tor Browser Bundle has the risk of information
> about the host system's library ecosystem leaking out onto the
> network.
>
> Portability problem - The Tor Browser Bundle can't be run on systems
> that don't use glibc, making it unusable due to different syscalls.
>
> Solution proposed - Static link the Tor Browser Bundle with musl
> libc.[1] It is a simple and fast libc implementation that was
> especially crafted for static linking. This would solve both security
> and portability issues.
>
> What is Tor developers' opinion about this? I personally don't see any
> drawbacks and would be interested in discussing this further.
>
> Sincerely,
> Daniel
>
> [1] https://www.musl-libc.org/
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

References:
- Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
  - From: Daniel Simon

Prev by Author: Re: [tor-dev] Joining Tor Project's software infrastructure
Next by Author: Re: [tor-dev] [prop269] Further changes to the hybrid handshake proposal (and NTor)
Previous by thread: Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
Next by thread: Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
Index(es):
- Author
- Thread