[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure



On Oct 29, 2016 12:52 PM, "Yawning Angel" <yawning@xxxxxxxxxxxxxxx> wrote:
>
> On Sat, 29 Oct 2016 11:51:03 -0200
> Daniel Simon <ddanielsimonn@xxxxxxxxx> wrote:
> > > Solution proposed - Static link the Tor Browser Bundle with musl
> > > libc.[1] It is a simple and fast libc implementation that was
> > > especially crafted for static linking. This would solve both
> > > security and portability issues.
>
> This adds a new security issue of "of all the things that should
> have ASLR, it should be libc, and it was at one point, but we started
> statically linking it for some stupid reason".

If this is accurate, that statically linking will enable pre-built rop chains because libc is at a predictable memory address, I would strongly oppose it for this reason alone.

It would be a major step backwards in security.

-tom

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev