[tor-dev] Analysis of ASan usage

Jens Kubieziel maillist at kubieziel.de
Thu Feb 18 12:00:45 UTC 2016


Hi,

FYI:
oss-security lately had a posting with the title »Address Sanitizer
local root«
(<URL:http://www.openwall.com/lists/oss-security/2016/02/17/9>)
The author showed that building a suid binary with ASan enables local
root exploits. He also shows some other problems with this approach.

In his posting he mentions the Tor Browser and recommends to not use the
word »hardened«, because it is misleading.

-- 
Jens Kubieziel                                   http://www.kubieziel.de
Vielleicht verdirbt Geld tatsächlich den Charakter. Auf keinen Fall aber macht
ein Mangel an Geld ihn besser.                                  Jonathan Swift
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20160218/34c11249/attachment.sig>


More information about the tor-dev mailing list