
Re: Tor TransPort on OpenBSD?



On Mon, Aug 11, 2008 at 01:07:43AM +0200, Hannah Schroeter wrote:
> Hi!
> 
> On Sun, Aug 10, 2008 at 05:55:59PM -0500, Scott Bennett wrote:
> 
> >     Perhaps OpenBSD works differently in this regard, but in FreeBSD the
> >above will only last until the next reboot because the /dev directory is
> >cleared and repopulated during initialization according to the devices
> >found during kernel autoconfiguration.  To make such changes each time
> >the system boots, IIRC, one must make the appropriate changes to
> >/boot/device.hints (see device.hints(5)).
> 
> OpenBSD has classical MAKEDEV style handling of /dev. However,
> non-standard protections might be clobbered when you upgrade.
> 
> A better fix would indeed be opening /dev/pf before dropping privileges.
> And the gold standard would be separating /dev/pf operations out into a
> separate process, that drops root anyway, but keeps the /dev/pf file
> descriptor and offers only those /dev/pf operations to the main process
> that are really needed instead of making *all* /dev/pf operations
> available to the main process. (Privilege separation.)
> 
> Kind regards,
> 
> Hannah.

On FreeBSD, you can also put Tor in a jail with a high securelevel
to disable operations on /dev/pf that would alter the rules, while
permitting read operations, like DIOCNATLOOK. FreeBSD does allow
per-jail securelevel settings, independent of the host's level.

-- 
Christopher Davis