Anyone got further into this? It would be a joint-project between musl and tor organizations. Maybe for GSoC 2017 if nobody works on it until then?
On Mon, May 9, 2016 at 11:15 AM, Daniel Simon ddanielsimonn@gmail.com wrote:
Hello.
How it's currently done - The Tor Browser Bundle is dynamically linked against glibc.
Security problem - The Tor Browser Bundle has the risk of information about the host system's library ecosystem leaking out onto the network.
Portability problem - The Tor Browser Bundle can't be run on systems that don't use glibc, making it unusable due to different syscalls.
Solution proposed - Static link the Tor Browser Bundle with musl libc.[1] It is a simple and fast libc implementation that was especially crafted for static linking. This would solve both security and portability issues.
What is Tor developers' opinion about this? I personally don't see any drawbacks and would be interested in discussing this further.
Sincerely, Daniel