[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Another openssl advisory: Tor seems not to be affected (Chroot?)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Another openssl advisory: Tor seems not to be affected (Chroot?)
From: Tom Ritter <tom@xxxxxxxxx>
Date: Thu, 19 Apr 2012 12:01:22 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 19 Apr 2012 12:02:00 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=im68Lb0KE7aowcdU4FOKMk4Fvv8nPzQbY70Z4B6Z0ug=; b=Qt5JPyeNof02Ka7sWL5KCyJSLGEvuLERNYu/HPebcMaR3DBhsEl7Q7wrJadXbtJtj7 wcXQkohYeOy/uuwaSS8hwrev4cEtzAdaocGrMpRalkRvUDuxaCIWWWib2Ptn38Uc+85x NVotfItQUFJgpwgzneiRBezN/mynAJjd/l9ck=
In-reply-to: <4F90343F.1010205@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAKDKvuyO_0+qwpVhBKieQAcydnhKmMAFRnvuRkXWRUdz-NDzXA@xxxxxxxxxxxxxx> <4F90343F.1010205@xxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On 19 April 2012 11:50, Fabio Pietrosanti (naif) <lists@xxxxxxxxxxxxxxx> wrote:
> Apache does it with Mod_Security:
> http://www.modsecurity.org/documentation/apache-internal-chroot.html
>
> ProFTPD does it with DefaultRoot:
> http://www.proftpd.org/docs/directives/linked/config_ref_DefaultRoot.html

To add another data point, Colin Percival has blogged about how he
terminates SSL connections in a jail to mitigate this risk.
http://www.daemonology.net/blog/2009-09-28-securing-https.html

-tom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Another openssl advisory: Tor seems not to be affected
  - From: Nick Mathewson
- Re: [tor-talk] Another openssl advisory: Tor seems not to be affected (Chroot?)
  - From: Fabio Pietrosanti (naif)

Prev by Author: Re: [tor-talk] Evening Standard Article - Invisible Web
Next by Author: [tor-talk] ADDRMAP reversed IP bug
Previous by thread: Re: [tor-talk] Another openssl advisory: Tor seems not to be affected (Chroot?)
Next by thread: Re: [tor-talk] Another openssl advisory: Tor seems not to be affected
Index(es):
- Author
- Thread