[guardian-dev] limiting Orbot PIE version to android-21

Hans-Christoph Steiner hans at guardianproject.info
Wed Feb 4 14:25:32 EST 2015


Nathan of Guardian:
> 
> 
> On Wed, Feb 4, 2015, at 12:52 PM, Hans-Christoph Steiner wrote:
>>
>> It seems that having the non-PIE and PIE versions of Orbot is causing issues
>> for some people.  I just had a thought: what about limiting the PIE version
>> to only >=21, i.e. android:minSdkVersion="21", then for now using the
>> original, non-PIE version for everything else, i.e.
>> android:maxSdkVersion="20"
>>
>> Then once the kinks are worked out, the PIE version could be lowered to
>> android:minSdkVersion="16" so that more devices benefit from the security
>> enhancements.
> 
> The problem isn't running the PIE binary, it is just related to the
> binary upgrade logic, and detecting the change of the OS to Android 5.
> 
> I'll be fixing the binary resource installer logic in v15 dev work going
> on now.
> 
> The other option is to turn the tor binary into a libtor.so shared
> library, which removes the whole PIE issue.

I don't know how much you've explored the static executable option, or whether
it's feasible for Orbot, but I did get busybox and gpgv built statically for
Lil' Debi, which also avoids the PIE issue.

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81
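
The thread weighs four binary forms: non-PIE, PIE, static, and a libtor.so shared library. The sketch below is an added example, not code from Orbot or from anyone in this thread; it tells the four apart from the ELF header and applies the API levels quoted above. The names `classify_elf`, `exec_allowed` and `sample_elf` are hypothetical, and the sample headers are constructed for the demonstration.

```python
import struct

ET_EXEC, ET_DYN, PT_INTERP = 2, 3, 3  # values from the ELF specification

def classify_elf(data: bytes) -> str:
    """Return 'non-pie', 'pie', 'static' or 'shared-object' for an ELF image."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                    # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"     # EI_DATA: 1 = little-endian
    if is64 and len(data) < 64:
        raise ValueError("truncated ELF64 header")
    e_type = struct.unpack_from(end + "H", data, 16)[0]
    phoff = struct.unpack_from(end + ("Q" if is64 else "I"), data, 32 if is64 else 28)[0]
    phentsize, phnum = struct.unpack_from(end + "HH", data, 54 if is64 else 42)
    has_interp = False                     # PT_INTERP means a dynamic linker is requested
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            raise ValueError("truncated program header table")
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            has_interp = True
    if e_type == ET_EXEC:
        return "non-pie" if has_interp else "static"
    if e_type == ET_DYN:
        return "pie" if has_interp else "shared-object"
    raise ValueError("unexpected e_type %d" % e_type)

def exec_allowed(kind: str, api: int) -> bool:
    """Can a binary of this kind be exec'd at the given Android API level?"""
    if kind == "static":
        return True        # no dynamic linker involved, so no PIE check
    if kind == "pie":
        return api >= 16   # lowest level the thread proposes for the PIE build
    if kind == "non-pie":
        return api < 21    # Android 5 (API 21) is where non-PIE stops working
    return False           # shared object: loaded in-process, never exec'd

def sample_elf(e_type: int, interp: bool, is64: bool = False) -> bytes:
    """Constructed little-endian ELF header plus one program header (not a real binary)."""
    word, ehsize, phsize = ("Q", 64, 56) if is64 else ("I", 52, 32)
    ident = b"\x7fELF" + bytes([2 if is64 else 1, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHI" + word * 3 + "IHHHHHH", e_type, 0, 1, 0, ehsize,
                      0, 0, ehsize, phsize, 1, 0, 0, 0)
    ph = struct.pack("<I", PT_INTERP if interp else 1) + bytes(phsize - 4)
    return ident + hdr + ph

if __name__ == "__main__":
    for e_type, interp in ((ET_EXEC, True), (ET_DYN, True), (ET_EXEC, False)):
        kind = classify_elf(sample_elf(e_type, interp))
        print(kind, {api: exec_allowed(kind, api) for api in (15, 16, 20, 21)})
```

An installer can run the same classification on the file already on disk after an OS upgrade to decide whether the binary has to be replaced.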

