[tor-bugs] #10065 [Tor Browser]: Improve Hardening for TBB3.0
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Aug 22 09:53:37 UTC 2014
#10065: Improve Hardening for TBB3.0
-------------------------+-------------------------------------------------
Reporter: | Owner: erinn
mikeperry | Status: needs_review
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: MikePerry201408R, tbb-3.0, gitian,
Browser | tbb-security, tbb-gitian, tbb-isec-report
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by gk):
Okay, here are some points:
1) #10077 is not done yet which means we are currently using two different
compilers for the alpha series: 4.6.3 (for tor, the pluggable transports,
binutils and the compiler itself) and 4.8.3 (for the other utils and Tor
Browser). You don't change that but take the libs from 4.8.3 for
everything which makes me a bit nervous. Could you either take the libs
belonging to the respective compiler OR fix #10077 (which might be easy
and needs to get done anyway)?
2) Why do we (still) need the wrapper scripts for the Tor Browser. We are
using LDFLAGS and friends anyway. Thus, can't we just use them?
3) Do we really need this ld -> ld.orig and i686-w64-mingw32-ld ->
/usr/bin thingy? I am wondering as you don't do that in the gitian-utils
descriptor. Maybe this was a 4.6.3 issue which is not longer a problem
with 4.8.3 and later (might be something to think about for 2), too)?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10065#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list