[tbb-dev] SELFRANDO_write_layout_file enabled intentionally?

teor teor2345 at gmail.com
Wed May 17 00:21:24 UTC 2017


> On 17 May 2017, at 08:25, Rusty Bird <rustybird at openmailbox.org> wrote:
> 
> start-tor-browser sets the SELFRANDO_write_layout_file environment
> variable to an empty string, which *enables* [1] the creation of the
> 7 MB /tmp/<PID>.mlf layout file. This adds 2 seconds of startup time
> on my system.
> 
> Would it make sense to *disable* it for alpha/stable builds? If so,
> the export line in start-tor-browser should be removed. (People who
> really want the layout file for debugging could still enable it by
> running "SELFRANDO_write_layout_file= ./start-tor-browser".)

Even worse: can an exploit read this file to find out the memory layout?

(I think the answer is: yes, but it doesn't matter, because it would
have to run arbitrary code to read the file. Maybe.)

T
--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
------------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.torproject.org/pipermail/tbb-dev/attachments/20170517/eea328aa/attachment.sig>


More information about the tbb-dev mailing list