[Tails-dev] Consider adding -D_FORTIFY_SOURCE=3 to some applications (e.g., web browser)?

2022-09-18 Thread David A. Wheeler
Has anyone looked into adding -D_FORTIFY_SOURCE=3 to some applications that 
directly interact with data from the Internet, such as t eh , web browser or 
parts of the Tor implementation?

More info: "GCC's new fortification level: The gains and costs"
https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level

It appears to make buffer overflows much harder to exploit, but the code needs 
to
not access memory after freeing (good idea anyway) & there's *some* performance 
impact.
It's unclear how much the performance impact is; probably the only way to know 
is to try it.

--- David A. Wheeler
___
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.


[Tails-dev] Javascript question

2022-09-18 Thread Ahmed Chakik via Tails-dev
Hi, if I connect to VPN first then start Tor browser with javascript enabled to 
visit a clearnet website, can javascript see my true IP address? Thanks

Sent with [Proton Mail](https://proton.me/) secure email.___
Tails-dev mailing list
Tails-dev@boum.org
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.