On Sat, 29 Oct 2016 11:51:03 -0200 Daniel Simon ddanielsimonn@gmail.com wrote:
> Solution proposed - Static link the Tor Browser Bundle with musl libc.[1] It is a simple and fast libc implementation that was especially crafted for static linking. This would solve both security and portability issues.

This adds a new security issue of "of all the things that should have ASLR, it should be libc, and it was at one point, but we started statically linking it for some stupid reason".
Having to rebuild the browser when the libc needs to be updated seems terrible as well.

> What is Tor developers' opinion about this? I personally don't see any drawbacks and would be interested in discussing this further.

There, opinions.
Regards,