Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Oct 2016 09:39:54 -0500
From: Tom Ritter <tom@...ter.vg>
To: tor-dev@...ts.torproject.org
Cc: musl@...ts.openwall.com
Subject: Re: [tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more
 portable and secure

On May 9, 2016 9:15 AM, "Daniel Simon" <ddanielsimonn@...il.com> wrote:
>
> Hello.
>
> How it's currently done - The Tor Browser Bundle is dynamically linked
> against glibc.
>
> Security problem - The Tor Browser Bundle has the risk of information
> about the host system's library ecosystem leaking out onto the
> network.

So I'm not a libc expert, would you be willing to unpack this for me and
explain what sorts of data can leak and how? It seems to me that it would
require some high amount of attacker control - control of arguments to
functions, inspecting memory layout, or code execution...

-tom

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.