On 17 May 2017, at 08:25, Rusty Bird rustybird@openmailbox.org wrote:
start-tor-browser sets the SELFRANDO_write_layout_file environment variable to an empty string, which *enables* [1] the creation of the 7 MB /tmp/<PID>.mlf layout file. This adds 2 seconds of startup time on my system.
Would it make sense to *disable* it for alpha/stable builds? If so, the export line in start-tor-browser should be removed. (People who really want the layout file for debugging could still enable it by running "SELFRANDO_write_layout_file= ./start-tor-browser".)
Even worse: can an exploit read this file to find out the memory layout?
(I think the answer is: yes, but it doesn't matter, because it would have to run arbitrary code to read the file. Maybe.)
T -- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------