Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 9 May 2016 11:15:03 -0300
From: Daniel Simon <>
Subject: [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure


How it's currently done - The Tor Browser Bundle is dynamically linked
against glibc.

Security problem - The Tor Browser Bundle has the risk of information
about the host system's library ecosystem leaking out onto the

Portability problem - The Tor Browser Bundle can't be run on systems
that don't use glibc, making it unusable due to different syscalls.

Solution proposed - Static link the Tor Browser Bundle with musl
libc.[1] It is a simple and fast libc implementation that was
especially crafted for static linking. This would solve both security
and portability issues.

What is Tor developers' opinion about this? I personally don't see any
drawbacks and would be interested in discussing this further.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.