[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] EFF Tor Challenge



On Thursday, June 2, 2011, Javier Bassi <javierbassi@xxxxxxxxx> wrote:
>
> What is think he is trying to say is that if someone finds a security
> vulnerability in Tor/Vidalia (this has happened in the past) the
> attacker can easily have a list of all IPs running relays, and may
> compromise all their machines with his 0day. And also he mention that
> even if Tor is chrooted, the attacker can break out of the chroot
> jail. This is not as easy as it sounds. To break out of the chroot
> jail you need to escalate privileges first and how do you get root
> inside a chroot jail? ( Of course if Tor was not running as root)

Fascinating, this does make the argument much more clear. best, Joe

-- 
Joseph Lorenzo Hall
ACCURATE Postdoctoral Research Associate
UC Berkeley School of Information
Princeton Center for Information Technology Policy
http://josephhall.org/
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk