* [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
@ 2016-05-09 14:15 Daniel Simon
[not found] ` <CAPWP2JMcsTz2qh6xkYuRKj2M7=DF4cGM0DbO8GSWX930=SsqOg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
0 siblings, 1 reply; 5+ messages in thread
From: Daniel Simon @ 2016-05-09 14:15 UTC (permalink / raw)
To: tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b,
musl-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8
Hello.
How it's currently done - The Tor Browser Bundle is dynamically linked
against glibc.
Security problem - The Tor Browser Bundle has the risk of information
about the host system's library ecosystem leaking out onto the
network.
Portability problem - The Tor Browser Bundle can't be run on systems
that don't use glibc, making it unusable due to different syscalls.
Solution proposed - Static link the Tor Browser Bundle with musl
libc.[1] It is a simple and fast libc implementation that was
especially crafted for static linking. This would solve both security
and portability issues.
What is Tor developers' opinion about this? I personally don't see any
drawbacks and would be interested in discussing this further.
Sincerely,
Daniel
[1] https://www.musl-libc.org/
_______________________________________________
tor-dev mailing list
tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b@public.gmane.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
[not found] ` <CAPWP2JMcsTz2qh6xkYuRKj2M7=DF4cGM0DbO8GSWX930=SsqOg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2016-10-29 13:51 ` Daniel Simon
[not found] ` <CAPWP2JNevbdXZwex+oU82uDn46u38fcmcBUaj0bqwo-Ry6---A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-29 14:39 ` Tom Ritter
1 sibling, 1 reply; 5+ messages in thread
From: Daniel Simon @ 2016-10-29 13:51 UTC (permalink / raw)
To: tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b,
musl-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8
Anyone got further into this?
It would be a joint-project between musl and tor organizations.
Maybe for GSoC 2017 if nobody works on it until then?
On Mon, May 9, 2016 at 11:15 AM, Daniel Simon <ddanielsimonn@gmail.com> wrote:
> Hello.
>
> How it's currently done - The Tor Browser Bundle is dynamically linked
> against glibc.
>
> Security problem - The Tor Browser Bundle has the risk of information
> about the host system's library ecosystem leaking out onto the
> network.
>
> Portability problem - The Tor Browser Bundle can't be run on systems
> that don't use glibc, making it unusable due to different syscalls.
>
> Solution proposed - Static link the Tor Browser Bundle with musl
> libc.[1] It is a simple and fast libc implementation that was
> especially crafted for static linking. This would solve both security
> and portability issues.
>
> What is Tor developers' opinion about this? I personally don't see any
> drawbacks and would be interested in discussing this further.
>
> Sincerely,
> Daniel
>
> [1] https://www.musl-libc.org/
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
[not found] ` <CAPWP2JNevbdXZwex+oU82uDn46u38fcmcBUaj0bqwo-Ry6---A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
@ 2016-10-29 13:54 ` Jessica Frazelle
0 siblings, 0 replies; 5+ messages in thread
From: Jessica Frazelle @ 2016-10-29 13:54 UTC (permalink / raw)
To: tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b
Cc: musl-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8
[-- Attachment #1.1: Type: text/plain, Size: 1701 bytes --]
There must already be a version of Tor working with musl since there are
Alpine Linux packages for Tor. I'm sure they dynamically link but it's
seems like patching that would be the way to go.
https://pkgs.alpinelinux.org/package/edge/community/x86_64/tor
On Oct 29, 2016 06:51, "Daniel Simon" <ddanielsimonn-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Anyone got further into this?
> It would be a joint-project between musl and tor organizations.
> Maybe for GSoC 2017 if nobody works on it until then?
>
>
> On Mon, May 9, 2016 at 11:15 AM, Daniel Simon <ddanielsimonn-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
> wrote:
> > Hello.
> >
> > How it's currently done - The Tor Browser Bundle is dynamically linked
> > against glibc.
> >
> > Security problem - The Tor Browser Bundle has the risk of information
> > about the host system's library ecosystem leaking out onto the
> > network.
> >
> > Portability problem - The Tor Browser Bundle can't be run on systems
> > that don't use glibc, making it unusable due to different syscalls.
> >
> > Solution proposed - Static link the Tor Browser Bundle with musl
> > libc.[1] It is a simple and fast libc implementation that was
> > especially crafted for static linking. This would solve both security
> > and portability issues.
> >
> > What is Tor developers' opinion about this? I personally don't see any
> > drawbacks and would be interested in discussing this further.
> >
> > Sincerely,
> > Daniel
> >
> > [1] https://www.musl-libc.org/
> _______________________________________________
> tor-dev mailing list
> tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b@public.gmane.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>
[-- Attachment #1.2: Type: text/html, Size: 2660 bytes --]
[-- Attachment #2: Type: text/plain, Size: 160 bytes --]
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
[not found] ` <CAPWP2JMcsTz2qh6xkYuRKj2M7=DF4cGM0DbO8GSWX930=SsqOg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-29 13:51 ` Daniel Simon
@ 2016-10-29 14:39 ` Tom Ritter
2016-10-29 21:59 ` Re: [tor-dev] " Szabolcs Nagy
1 sibling, 1 reply; 5+ messages in thread
From: Tom Ritter @ 2016-10-29 14:39 UTC (permalink / raw)
To: tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b
Cc: musl-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8
[-- Attachment #1.1: Type: text/plain, Size: 638 bytes --]
On May 9, 2016 9:15 AM, "Daniel Simon" <ddanielsimonn-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Hello.
>
> How it's currently done - The Tor Browser Bundle is dynamically linked
> against glibc.
>
> Security problem - The Tor Browser Bundle has the risk of information
> about the host system's library ecosystem leaking out onto the
> network.
So I'm not a libc expert, would you be willing to unpack this for me and
explain what sorts of data can leak and how? It seems to me that it would
require some high amount of attacker control - control of arguments to
functions, inspecting memory layout, or code execution...
-tom
[-- Attachment #1.2: Type: text/html, Size: 885 bytes --]
[-- Attachment #2: Type: text/plain, Size: 160 bytes --]
_______________________________________________
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
2016-10-29 14:39 ` Tom Ritter
@ 2016-10-29 21:59 ` Szabolcs Nagy
0 siblings, 0 replies; 5+ messages in thread
From: Szabolcs Nagy @ 2016-10-29 21:59 UTC (permalink / raw)
To: Tom Ritter; +Cc: tor-dev, musl
* Tom Ritter <tom@ritter.vg> [2016-10-29 09:39:54 -0500]:
> On May 9, 2016 9:15 AM, "Daniel Simon" <ddanielsimonn@gmail.com> wrote:
> > How it's currently done - The Tor Browser Bundle is dynamically linked
> > against glibc.
> >
> > Security problem - The Tor Browser Bundle has the risk of information
> > about the host system's library ecosystem leaking out onto the
> > network.
>
> So I'm not a libc expert, would you be willing to unpack this for me and
> explain what sorts of data can leak and how? It seems to me that it would
> require some high amount of attacker control - control of arguments to
> functions, inspecting memory layout, or code execution...
>
if one rebuilds tor from source then there is a chance that
the final binary has subtly different behaviour than the
official tor bundle which may be observable via network
communication allowing the identification of the user, which
may break anonymity guarantees, simply because different
toolchain is used.
the same reasoning applies to different underlying hardware
or kernel or indeed library dependencies that may vary among
users (e.g. javascript Math.sin may call libc sin and different
versions of glibc have different precision result).
i don't know how much of this is a concern for the tor
project and it is hard to tell how much static linking
would improve things for linux users as the os can probably
be fingerprinted anyway.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-10-29 21:59 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-09 14:15 [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure Daniel Simon
[not found] ` <CAPWP2JMcsTz2qh6xkYuRKj2M7=DF4cGM0DbO8GSWX930=SsqOg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-29 13:51 ` Daniel Simon
[not found] ` <CAPWP2JNevbdXZwex+oU82uDn46u38fcmcBUaj0bqwo-Ry6---A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2016-10-29 13:54 ` Jessica Frazelle
2016-10-29 14:39 ` Tom Ritter
2016-10-29 21:59 ` Re: [tor-dev] " Szabolcs Nagy
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).