[tor-dev] [Proposal] A simple way to make Tor-Browser-Bundle more portable and secure
Daniel Simon
ddanielsimonn at gmail.com
Mon May 9 14:15:03 UTC 2016
Hello.
How it's currently done - The Tor Browser Bundle is dynamically linked
against glibc.
Security problem - The Tor Browser Bundle has the risk of information
about the host system's library ecosystem leaking out onto the
network.
Portability problem - The Tor Browser Bundle can't be run on systems
that don't use glibc, making it unusable due to different syscalls.
Solution proposed - Static link the Tor Browser Bundle with musl
libc.[1] It is a simple and fast libc implementation that was
especially crafted for static linking. This would solve both security
and portability issues.
What is Tor developers' opinion about this? I personally don't see any
drawbacks and would be interested in discussing this further.
Sincerely,
Daniel
[1] https://www.musl-libc.org/
More information about the tor-dev
mailing list