From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/10014 Path: news.gmane.org!not-for-mail From: Daniel Simon Newsgroups: gmane.network.tor.devel,gmane.linux.lib.musl.general Subject: [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure Date: Mon, 9 May 2016 11:15:03 -0300 Message-ID: Reply-To: tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b@public.gmane.org NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1462803326 12360 80.91.229.3 (9 May 2016 14:15:26 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 9 May 2016 14:15:26 +0000 (UTC) To: tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b@public.gmane.org, musl-ZwoEplunGu1jrUoiu81ncdBPR1lH4CV8@public.gmane.org Original-X-From: tor-dev-bounces-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b@public.gmane.org Mon May 09 16:15:21 2016 Return-path: Envelope-to: gntd-or-dev@m.gmane.org Original-Received: from eugeni.torproject.org ([38.229.72.13]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1azlxo-0002I0-3F for gntd-or-dev@m.gmane.org; Mon, 09 May 2016 16:15:14 +0200 Original-Received: from eugeni.torproject.org (localhost [127.0.0.1]) by eugeni.torproject.org (Postfix) with ESMTP id 84EC03A42B; Mon, 9 May 2016 14:15:09 +0000 (UTC) Original-Received: from localhost (localhost [127.0.0.1]) by eugeni.torproject.org (Postfix) with ESMTP id A7EE33A41C for ; Mon, 9 May 2016 14:15:05 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at Original-Received: from eugeni.torproject.org ([127.0.0.1]) by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7jEJCKIUPlGl for ; Mon, 9 May 2016 14:15:05 +0000 (UTC) Original-Received: from mail-yw0-x22c.google.com (mail-yw0-x22c.google.com [IPv6:2607:f8b0:4002:c05::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (not verified)) by eugeni.torproject.org (Postfix) with ESMTPS id 8006F3A078 for ; Mon, 9 May 2016 14:15:05 +0000 (UTC) Original-Received: by mail-yw0-x22c.google.com with SMTP id j74so250607901ywg.1 for ; Mon, 09 May 2016 07:15:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to; bh=xRFZF52HRJq2X8yi4gb3lKoF4Fua29OB7m8S6pApTpQ=; b=eSmagx/sCJ8N/Ep/02jcECl7kCrVlzO1j6/k2kmncZ+klvSZLGzN3Ug7QTFBBZgdkK 1UK3VvAsXmBSJLCTp0FUWli0DyJhGmRrW4fHftq2D3fAhP8F2UgUAjjTAYuERoFUDWnm B6Cl1yUmibDAVDHmsf8TeVQrr7onLJPHgpQ/p9uYfoaUKcdHKJCw5svptChlSCzLePQU cEbZPZNvGTOJOZJQGae8Zww8WMCyfpnLOyWUMWUxGf8n4L19b2UA3Bl1Usr3DhIPQ8y0 V+3guyz6WeW3rR0FbDagfZFu0BTjm9UGHZP3dK3VnyMpSzcYdIg7TxA+Bzjom78LrX7y V2Yg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:date:message-id:subject:from:to; bh=xRFZF52HRJq2X8yi4gb3lKoF4Fua29OB7m8S6pApTpQ=; b=kN4FQsKL3bwm5qbtl4fVkSFHOUY8aX/4OqafUhU4MHnGddH/+9R64aEqHxvC9bqwG2 mhNv8hbAy3Aj0NIdjve94Xwi9DSjxlhFm6ymwvYhHK7RQt7QKfAIvVV9WxYJD2Sfee67 yTHaXVtuDSEDn+8zj1n/zaTHXK8FaxMz+5OHLsXdX5iYNK9rZcihmASsDmXUGgTrtUm3 4QivmcDM7Xtckf7/RmDJ1RTuLkwnYW+ckUSAOfH0SLqetIMsLQ/tofA55NuSi8qZG4K7 WixCUmLKpI46bYPIc8lBe8LoN5qkvahm253Uza65OohzDHJ6z1o2Ho4DLWqdYRNzIgVr TnnQ== X-Gm-Message-State: AOPr4FUwHDXIVwDLkYIRM/igh+FQRhCNFrGSv4oQX7gXozUREVMO0xw7CRMN7EMglOfT/wxC6fbVGy9zN+8iHQ== X-Received: by 10.37.66.67 with SMTP id p64mr4939993yba.77.1462803303049; Mon, 09 May 2016 07:15:03 -0700 (PDT) Original-Received: by 10.13.230.70 with HTTP; Mon, 9 May 2016 07:15:03 -0700 (PDT) X-BeenThere: tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b@public.gmane.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: discussion regarding Tor development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tor-dev-bounces-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b@public.gmane.org Original-Sender: "tor-dev" Xref: news.gmane.org gmane.network.tor.devel:8664 gmane.linux.lib.musl.general:10014 Archived-At: Hello. How it's currently done - The Tor Browser Bundle is dynamically linked against glibc. Security problem - The Tor Browser Bundle has the risk of information about the host system's library ecosystem leaking out onto the network. Portability problem - The Tor Browser Bundle can't be run on systems that don't use glibc, making it unusable due to different syscalls. Solution proposed - Static link the Tor Browser Bundle with musl libc.[1] It is a simple and fast libc implementation that was especially crafted for static linking. This would solve both security and portability issues. What is Tor developers' opinion about this? I personally don't see any drawbacks and would be interested in discussing this further. Sincerely, Daniel [1] https://www.musl-libc.org/ _______________________________________________ tor-dev mailing list tor-dev-AQ2JdjIqcwS4QsDJlTKKhWD2FQJk+8+b@public.gmane.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev