|
Message-ID: <CA+cU71m4FSEVR1_dKq5jLs8DTcvECTKjiUYQupfm1hiVgiLc8w@mail.gmail.com>
Date: Sat, 29 Oct 2016 09:39:54 -0500
From: Tom Ritter <tom@...ter.vg>
To: tor-dev@...ts.torproject.org
Cc: musl@...ts.openwall.com
Subject: Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more
portable and secure
On May 9, 2016 9:15 AM, "Daniel Simon" <ddanielsimonn@...il.com> wrote:
>
> Hello.
>
> How it's currently done - The Tor Browser Bundle is dynamically linked
> against glibc.
>
> Security problem - The Tor Browser Bundle has the risk of information
> about the host system's library ecosystem leaking out onto the
> network.
So I'm not a libc expert, would you be willing to unpack this for me and
explain what sorts of data can leak and how? It seems to me that it would
require some high amount of attacker control - control of arguments to
functions, inspecting memory layout, or code execution...
-tom
Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.