
Re: Tor TransPort on OpenBSD?



     On Mon, 11 Aug 2008 01:07:43 +0200 Hannah Schroeter <hannah@xxxxxxxxxxxx>
wrote:
>Hi!
>
>On Sun, Aug 10, 2008 at 05:55:59PM -0500, Scott Bennett wrote:
>
>>     Perhaps OpenBSD works differently in this regard, but in FreeBSD the
>>above will only last until the next reboot because the /dev directory is
>>cleared and repopulated during initialization according to the devices
>>found during kernel autoconfiguration.  To make such changes each time
>>the system boots, IIRC, one must make the appropriate changes to
>>/boot/device.hints (see device.hints(5)).
>
>OpenBSD has classical MAKEDEV style handling of /dev. However,

     Oh.  Okay.  Thanks!  I must say that FreeBSD's way of handling /dev
really threw me at first.  It's more flexible than the old way, of course,
and is a better way because of the flexibility for a system that will be
used on a vast and widely varying set of hardware configurations, often
by not terribly knowledgeable users, but it does take a bit of getting used
to.

>non-standard protections might be clobbered when you upgrade.

     Ah, yes, a good point!  And the kind of thing one tends to overlook,
too. :-(
>
>A better fix would indeed be opening /dev/pf before dropping privileges.
>And the gold standard would be separating /dev/pf operations out into a
>separate process, that drops root anyway, but keeps the /dev/pf file
>descriptor and offers only those /dev/pf operations to the main process
>that are really needed instead of making *all* /dev/pf operations
>available to the main process. (Privilege separation.)
>
     Looks good to me.  But pf in FreeBSD is ported from OpenBSD, so I
expect that whatever is done to it in OpenBSD will be copied more or less
as is.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
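
The privilege-separation layout described in the quoted text above, as an added example (not code from this thread or from Tor): a helper process keeps the already-open device descriptor and answers one request type over a socketpair, while the main process gives up its own copy. `OP_LOOKUP`, `spawn_helper`, `helper_call` and the `fstat`-based stand-in operation are assumptions made for illustration; with pf the stand-in would be the single ioctl the main process actually needs.

```c
#include <fcntl.h>
#include <grp.h>
#include <stdint.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

enum { OP_LOOKUP = 1 };  /* hypothetical: the only request the helper serves */
struct msg { uint32_t op; int32_t status; uint32_t value; };
/* Permanently drop root: groups, then gid, then uid; confirm it cannot return. */
int drop_root(uid_t uid, gid_t gid) {
    if (setgroups(1, &gid) || setgid(gid) || setuid(uid)) return -1;
    return setuid(0) == 0 ? -1 : 0;
}
/* Stand-in for the one device operation needed (on pf: one ioctl on fd). */
static int dev_lookup(int fd, uint32_t *out) {
    struct stat st;
    if (fstat(fd, &st) < 0) return -1;
    *out = S_ISCHR(st.st_mode) ? 1 : 0;  /* 1 if fd is a character device */
    return 0;
}
/* Fork the helper. It keeps dev_fd; the caller keeps only the channel. */
int spawn_helper(int dev_fd, uid_t uid, gid_t gid) {
    int sp[2];
    pid_t pid;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0 || (pid = fork()) < 0) return -1;
    if (pid == 0) {
        struct msg m;
        close(sp[0]);
        /* Drop only when a different target uid is requested (needs root). */
        if (uid != geteuid() && drop_root(uid, gid) < 0) _exit(1);
        while (read(sp[1], &m, sizeof m) == (ssize_t)sizeof m) {
            /* Anything other than OP_LOOKUP is refused, never forwarded. */
            m.status = (m.op == OP_LOOKUP) ? dev_lookup(dev_fd, &m.value) : -1;
            if (write(sp[1], &m, sizeof m) != (ssize_t)sizeof m) break;
        }
        _exit(0);
    }
    close(sp[1]);
    close(dev_fd);  /* the main process no longer holds the device */
    return sp[0];
}
/* Main-process side: send one request and return the helper's status. */
int helper_call(int chan, uint32_t op, uint32_t *value) {
    struct msg m = { op, -1, 0 };
    if (write(chan, &m, sizeof m) != (ssize_t)sizeof m) return -1;
    if (read(chan, &m, sizeof m) != (ssize_t)sizeof m) return -1;
    *value = m.value;
    return m.status;
}
```

A daemon started as root would open `/dev/pf`, call `spawn_helper` with an unprivileged uid and gid, and then call `drop_root` itself before handling any network input.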