[tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure

Tom Ritter tom at ritter.vg
Sun Oct 30 20:19:59 UTC 2016


On Oct 29, 2016 12:52 PM, "Yawning Angel" <yawning at schwanenlied.me> wrote:
>
> On Sat, 29 Oct 2016 11:51:03 -0200
> Daniel Simon <ddanielsimonn at gmail.com> wrote:
> > > Solution proposed - Static link the Tor Browser Bundle with musl
> > > libc.[1] It is a simple and fast libc implementation that was
> > > especially crafted for static linking. This would solve both
> > > security and portability issues.
>
> This adds a new security issue of "of all the things that should
> have ASLR, it should be libc, and it was at one point, but we started
> statically linking it for some stupid reason".

If this is accurate, that statically linking will enable pre-built ROP
chains because libc is at a predictable memory address, I would strongly
oppose it for this reason alone.

It would be a major step backwards in security.

-tom
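
Added example, not part of the original message: a check that reads an ELF header and reports whether the image loads at link-time addresses (`ET_EXEC`) or can be relocated (`ET_DYN`), which is the property the concern above turns on. It handles 64-bit little-endian ELF only; the category names and `build_sample` are made up for this illustration, and the sample inputs are constructed headers.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3   # e_type values from the ELF specification
PT_INTERP = 3            # program header naming the dynamic loader

def classify_elf(data: bytes) -> str:
    """Classify a 64-bit little-endian ELF image by how it is placed in memory."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a 64-bit little-endian ELF file")
    fields = struct.unpack_from("<16sHHIQQQIHHHHHH", data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = fields[1], fields[5], fields[9], fields[10]
    p_types = set()
    for i in range(e_phnum):
        # p_type is the first 32-bit field of every program header
        (p_type,) = struct.unpack_from("<I", data, e_phoff + i * e_phentsize)
        p_types.add(p_type)
    has_loader = PT_INTERP in p_types
    if e_type == ET_EXEC:
        # Loaded at link-time addresses. With no loader, libc is part of this
        # image, so its code sits at the same address on every run.
        return "dynamic-fixed" if has_loader else "static-fixed"
    if e_type == ET_DYN:
        # Relocatable image: the kernel or loader may pick a random base.
        return "dynamic-pie" if has_loader else "static-pie-or-shared-object"
    raise ValueError(f"unsupported e_type {e_type}")

def build_sample(e_type: int, p_types: list) -> bytes:
    """Constructed input: an ELF64 header followed by empty program headers."""
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, len(p_types), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<IIQQQQQQ", t, 0, 0, 0, 0, 0, 0, 0)
                           for t in p_types)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify_elf(fh.read()))
```

A result of `static-fixed` on a release binary is the case the message objects to; the last category cannot distinguish a static PIE executable from a shared library by header alone.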