From: Tom Ritter
Newsgroups: gmane.network.tor.devel,gmane.linux.lib.musl.general
Subject: Re: [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
Date: Sat, 29 Oct 2016 09:39:54 -0500

On May 9, 2016 9:15 AM, "Daniel Simon" wrote:
>
> Hello.
>
> How it's currently done - The Tor Browser Bundle is dynamically linked
> against glibc.
>
> Security problem - The Tor Browser Bundle has the risk of information
> about the host system's library ecosystem leaking out onto the
> network.

So I'm not a libc expert, would you be willing to unpack this for me and explain what sorts of data can leak and how? It seems to me that it would require some high amount of attacker control - control of arguments to functions, inspecting memory layout, or code execution...

-tom
