[tor-talk] EFF Tor Challenge
Marsh Ray
marsh at extendedsubset.com
Thu Jun 2 01:41:47 UTC 2011
On 06/01/2011 07:35 PM, CACook at quantum-sci.com wrote:
> On Wednesday 1 June, 2011 16:39:22 Javier Bassi wrote:
>> I have to say I felt a bit disappointed when I saw that the EFF
>> was also running a middle node. I thought they would be running
>> the openest exit node.
Everybody's gotta choose their battles and the EFF has chosen enough of
them to earn my great admiration.
> Although, until a Best Practices emerges for running a relay
> securely, I won't be running a relay at all. We went over this in
> detail here recently. The three methods I can think of have
> problems:
>
> - chroot jail can be broken by a skilled cracker.
Yeah it's usually a matter of only a few weeks between local privilege
escalation exploits for Linux are published on lists like
Full-Disclosure, and those are just the ones that are not sold. Security
boundaries on shared commodity hardware have almost always turned out to
be ineffective. They're a myth, like Santa Claus, one that basically
honest and good-natured people agree to believe in because of the huge
cost savings it enables (over having to purchase separate hardware for
every category of data).
But this latest round of virtualization technology is holding up better
than I'd expected.
> - VirtualBox VM bridged to LAN still must share the LAN class C, and
> could potentially monitor internal traffic. (And please don't
> quibble with me calling it a class C... they have to make up a name
> and stick with it. I still call Nissan's a Datsun)
No, you're factually wrong on the deeper point. The muddy terminology is
just a symptom.
> - VPN to router, most routers do not have VPN functionality, only the
> business-class like ProSafe.
Don't forget the host-only virtual networking that was suggested too.
> Until Best Practices are defined, many of us will be wary as we know
> what is possible.
Yes, everyone should think and plan carefully before running anything
that accepts incoming connections from the internet. However, the
millions of actual servers on the internet show that many can accomplish
it in practice (both well and poorly). A Tor internal node is not really
special in this regard and, actually, its attack surface is relatively
limited in comparison. Just imagine trying to secure a full-featured
multiuser mail server!
Personally I'm more concerned about running Wordpress or any other
random PHP app than TOR.
- Marsh
More information about the tor-talk
mailing list