[tor-talk] Distribution of Linux static tor binary?
Mike Perry
mikeperry at torproject.org
Thu Sep 13 00:40:09 UTC 2012
Thus spake adrelanos (adrelanos at riseup.net):
> antispam06 at sent.at:
> > On Mon, Sep 10, 2012, at 00:21, Fabio Pietrosanti (naif) wrote:
> >> It would facilitate the inclusion of Tor in third party applications
> >> that include/bundle/redistribute Tor, regardless of the Linux
> >> Distribution.
> >
> > Sounds like a potential risk, the third party intervention. See the
> > discussion about the other TorBrowser.
>
> I don't share your security concern. Using any third party application
> is always a security risk. If they include a software library or binary
> doesn't change much from that view. A software library might even add
> advantages.
My security concern would be around the absence of ASLR. It's my
understanding that static binaries have less/no ASLR on most Linux
distributions.
For this reason, I think a dynamic binary+$LD_LIBRARY_PATH+shared libs
is the best option for third party bundlers..
--
Mike Perry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20120912/5d38a240/attachment.pgp>
More information about the tor-talk
mailing list