From: Daniel Simon <ddanielsimonn-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b@public.gmane.org,
musl-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org
Subject: [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
Date: Mon, 9 May 2016 11:15:03 -0300 [thread overview]
Message-ID: <CAPWP2JMcsTz2qh6xkYuRKj2M7=DF4cGM0DbO8GSWX930=SsqOg@mail.gmail.com> (raw)
Hello.
How it's currently done - The Tor Browser Bundle is dynamically linked
against glibc.
Security problem - The Tor Browser Bundle has the risk of information
about the host system's library ecosystem leaking out onto the
network.
Portability problem - The Tor Browser Bundle can't be run on systems
that don't use glibc, making it unusable due to different syscalls.
Solution proposed - Static link the Tor Browser Bundle with musl
libc.[1] It is a simple and fast libc implementation that was
especially crafted for static linking. This would solve both security
and portability issues.
What is Tor developers' opinion about this? I personally don't see any
drawbacks and would be interested in discussing this further.
Sincerely,
Daniel
[1] https://www.musl-libc.org/
_______________________________________________
tor-dev mailing list
tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b@public.gmane.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
next reply other threads:[~2016-05-09 14:15 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-09 14:15 Daniel Simon [this message]
[not found] ` <CAPWP2JMcsTz2qh6xkYuRKj2M7=DF4cGM0DbO8GSWX930=SsqOg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-29 13:51 ` Daniel Simon
[not found] ` <CAPWP2JNevbdXZwex+oU82uDn46u38fcmcBUaj0bqwo-Ry6---A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-29 13:54 ` Jessica Frazelle
2016-10-29 14:39 ` Tom Ritter
2016-10-29 21:59 ` Re: [tor-dev] " Szabolcs Nagy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAPWP2JMcsTz2qh6xkYuRKj2M7=DF4cGM0DbO8GSWX930=SsqOg@mail.gmail.com' \
--to=ddanielsimonn-re5jqeeqqe8avxtiumwx3w@public.gmane.org \
--cc=musl-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org \
--cc=tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).