[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

RE: bad security setting for win32 tor service

Hash: SHA1

For what it's worth:

I've been running the tor service with a regular user account on XP
Pro, and have a data directory with the keys and cached directory
encrypted using xp EFS to the account running the tor service (as
well as my own account for convienience).  Just had to give the user
account "Log on as a service" rights.

Is running it as LocalService better?  I also had concern with the
service running under the System account, and want to give the
account running the tor service as little permission as possible,
even sandbox it to just the tor directory if possible.

- -Bob

> -----Original Message-----
> From: owner-or-talk@xxxxxxxxxxxxx
> [mailto:owner-or-talk@xxxxxxxxxxxxx] On Behalf Of Nick Mathewson
> Sent: Friday, August 19, 2005 6:49 AM
> To: or-talk@xxxxxxxxxxxxx
> Subject: Re: bad security setting for win32 tor service
> On Fri, Aug 19, 2005 at 08:20:46AM -0500, Edman, Matt wrote:
> > You can also have Tor install the service as the NT
> > AUTHORITY\LocalService account. This patch on does
> > so:
> Matt -- I'd like to accept a patch like this.  Can you explain to
> me what it would do for Tor's storage, though?  J Random User
> shouldn't be able to read Tor's private keys -- can this happen if
> Tor runs as "NT AUTHORITY\LocalService" ?  If so, what is the real
> solution?
> yrs,
> --
> Nick Mathewson

Version: PGP 8.1