[tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure

Tom Ritter tom at ritter.vg
Sat Oct 29 14:39:54 UTC 2016


On May 9, 2016 9:15 AM, "Daniel Simon" <ddanielsimonn at gmail.com> wrote:
>
> Hello.
>
> How it's currently done - The Tor Browser Bundle is dynamically linked
> against glibc.
>
> Security problem - The Tor Browser Bundle has the risk of information
> about the host system's library ecosystem leaking out onto the
> network.

So I'm not a libc expert, would you be willing to unpack this for me and
explain what sorts of data can leak and how? It seems to me that it would
require some high amount of attacker control - control of arguments to
functions, inspecting memory layout, or code execution...

-tom
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20161029/50e589a1/attachment.html>


More information about the tor-dev mailing list