[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure



On Sat, 29 Oct 2016 11:51:03 -0200
Daniel Simon <ddanielsimonn@xxxxxxxxx> wrote:
> > Solution proposed - Static link the Tor Browser Bundle with musl
> > libc.[1] It is a simple and fast libc implementation that was
> > especially crafted for static linking. This would solve both
> > security and portability issues.

This adds a new security issue of "of all the things that should
have ASLR, it should be libc, and it was at one point, but we started
statically linking it for some stupid reason".

Having to rebuild the browser when the libc needs to be updated seems
terrible as well.

> > What is Tor developers' opinion about this? I personally don't see
> > any drawbacks and would be interested in discussing this further.

There, opinions.

Regards,

-- 
Yawning Angel

Attachment: pgpMeDRJiNhea.pgp
Description: OpenPGP digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev