
Re: [tor-talk] Onion website on "usual" server



On Sun, 14 Apr 2019 00:54:42 +0400
meejah <meejah@xxxxxxxxx> wrote:

> Mirimir <mirimir@xxxxxxxxxx> writes:
> 
> > Even so, that's a little fragile. Mistakes happen. And there's the issue
> > of web server error messages from the onion site going to clearnet.
> > That's one of the mistakes that got DPR pwned.
> 
> The best solution to prevent this accident is to have the onion site
> listening on a Unix socket, and set up the Onion service in Tor to
> direct to that.

Still, if you run regular and anonymous websites in the same server process, it
is a disaster waiting to happen. At least don't forget to ensure that your
clearnet listener doesn't answer to the .onion "Host: ", and vice versa. But
if this is even remotely critical, then just run a fully separate server
process, and a simple way to do that (granting you more isolation as a bonus)
as mentioned before, is a VM.

-- 
With respect,
Roman
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
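
The single-process setup discussed in this thread (onion site on a Unix socket, each listener refusing the other's "Host:"), as an added example that is not part of the original messages. It assumes nginx as the web server (the thread names none); all paths, the clearnet hostname and the onion address are placeholders.

```nginx
# Constructed example. The onion service itself is defined in torrc, not here:
#   HiddenServiceDir  /var/lib/tor/onion_site/
#   HiddenServicePort 80 unix:/run/onion-site/web.sock
# The tor user must be able to reach the socket path (placeholder path).

# Onion site: bound only to the Unix socket, so no TCP port can expose it.
server {
    listen      unix:/run/onion-site/web.sock;
    server_name placeholderonionaddress.onion;   # placeholder address
    server_tokens off;        # keep the nginx version out of error pages and headers
    root        /srv/onion-site;
}

# Catch-all on the socket: any other Host header (including the clearnet
# name) gets the connection closed without a response.
server {
    listen      unix:/run/onion-site/web.sock default_server;
    server_name _;
    return      444;
}

# Clearnet site: answers only to its own hostname.
server {
    listen      80;
    server_name www.example.com;                 # placeholder hostname
    root        /srv/clearnet-site;
}

# Catch-all on the clearnet listener: requests carrying the .onion Host
# header, a bare IP, or any unknown name are dropped instead of being
# served by whichever site happens to be first in the config.
server {
    listen      80 default_server;
    server_name _;
    return      444;
}
```

This covers only the "at least" case from the message above; it does not provide the isolation of a separate server process or VM.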