Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20160425233545.GF21636@brightrain.aerifal.cx>
Date: Mon, 25 Apr 2016 19:35:46 -0400
From: Rich Felker <dalias@...c.org>
To: Daniel Simon <ddanielsimonn@...il.com>
Cc: tor-dev@...ts.torproject.org, musl@...ts.openwall.com
Subject: Re: Tor Browser Bundle on musl libc systems

On Mon, Apr 25, 2016 at 01:24:22PM -0300, Daniel Simon wrote:
> Hi,
> 
> the Tor Browser Bundle binaries available at
> https://dist.torproject.org/torbrowser/5.5.4/ do not run on
> musl-libc-based systems, like Void Linux, Alpine Linux, and other
> Linux distributions.
> I believe that's the case because the Tor Browser Bundle binaries are
> compiled dynamically to glibc, making them fail when ran on systems
> that any other libc.
> I'm sending this message to the Tor mailing list and to the Musl
> mailing list, so we can together find a solution.
> 
> I think there are 4 possible solutions:
> - the tor developers can provide binaries built with musl libc
> - the tor developers can provided statically compiled binaries (with
> any libc, but musl is especially good for this). These statically
> compiled binaries would run on any system independently of the libc.
> - the musl libc developers could identify why the binaries fail on
> musl and try to add compatibility
> - Linux distributions that use musl libc could figure out how to
> compile the Tor Browser Bundle from source and provide binaries
> themselves
> 
> What does everyone think about these possible solutions? Which one is
> the best? Are there any others you can think about?

Running entire giant programs that were dynamically linked against
glibc on musl is usually beyond the capability of the limited
binary-compat, and not something we would want to try to guarantee
works; the binary-compat is mainly intended for isolated binary blobs
like flash player (eew) and some simple proprietary programs.

IMO static linking with musl would be a great fit for Tor Browser,
reducing risks of information about the host system's library
ecosystem leaking out onto the network and possibly even making the
same binaries usable on BSDs with a Linux-compat syscall layer.
I thought getting it to build on musl might take significant initial
work, but Daniel seems to have already had good luck with that.

If the Tor project is interested in this and needs any assistance from
the musl side, just let us know.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.