On Tue, 16 May 2017 19:45:40 -0500 Tom Ritter tom@ritter.vg wrote:
> On 16 May 2017 at 19:21, teor teor2345@gmail.com wrote:
> > Even worse: can an exploit read this file to find out the memory layout?
> > (I think the answer is: yes, but it doesn't matter, because it would have to run arbitrary code to read the file. Maybe.)
>
> My attitude towards this, and what I requested of the selfrando team for Mozilla's investigation, is that the seed/layout be written to disk and erased from memory. An attacker who gets an information disclosure could steal the seed from memory otherwise and undo the protection. Arbitrary file reads are less common than infoleaks. (And we want to keep the mapping around for debugging crashes.)

`sandboxed-tor-browser` doesn't set the env var, and I don't see myself ever setting it, because `/tmp` will get obliterated when firefox exits anyway.
Is it safe to assume that the current behavior of "not setting anything here will result in no files getting created" will remain consistent?
Regards,