[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor-ramdisk 20080606 released.

Hash: SHA1

Scott Bennett wrote:
>      On Tue, 10 Jun 2008 14:06:57 -0400 basile <basile@xxxxxxxxxxxxxxxxxx>
> wrote:
>> We would like to announce a new release of Tor-ramdisk (version
>> 20080606), an i686 uClibc-based micro Linux distro (about 3.1MB ISO)
>> whose only purpose is to host a tor server in an environment which
>> maximizes security and privacy.  Security is enhanced by employing a
>> monolithically compiled GRSEC/PAX patched kernel and hardened system
>> tools. Privacy is enhanced by turning off logging at all levels so
>> that even the Tor operator only has access to minimal information.
>> Finally, since everything runs in ephemeral memory, no information
>> survives a reboot, except for the Tor configuration file and the
>> private RSA key which may be exported/imported by FTP.
>      Just out of curiousity, why did you choose LINUX for this project?
> If security is such a high priority, I would have thought that OpenBSD
> would have been the operating system of choice.
>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************
Hi Scott,

First let me answer a related question which is why security is a high
priority for this project.  We've seen lots of talk on this list about
unscrupulous exit node operators.  I wanted a system for the
conscientious tor operator which would give a minimum amount of
information in order to preserve privacy while at the same time giving
enough that he/she could determine that everything is working ok.
Even an innocent utility like netstat, which can be used to make sure
that connections are being established by the tor server also reveal
what IP addresses are connecting --- my concern may be a bit
exaggerated, but I think you get the point.  But while on the one hand
minimizing information makes me feel good as a tor operator, it makes
me very nervous as a system administrator because I no longer have the
diagnotic tools that would tell me if something fishy is going on.
Its not a guarantee, but hardening the kernel/system tools lets me
sleep better.

Having said that, why GRSEC/PaX Linux over OpenBSD?  I run sereval
OpenBSD and hardened Gentoo servers with GRSEC/PaX Linux and I trust
both.  OpenBSD is impressively secure across the board, but I what I
like about GRSEC is RBAC which, when properly configured, strongly
restricts a daemon's capabilities.  For systems with a narrow goal, I
tend towards GRSEC.  (I haven't enabled RBAC yet in tor-ramdisk, but
that's next.)  I can also assure people that my student (Melissa) and
I keep our eyes on the upstream dependencies for any security issues
and will update tor-ramdisk accordingly.

I don't want to annoy the list, so I think if we want to continue
talking about the relative merits of the varoius hardening techniques
employed by both, stackgaps, ssp, w^x and the like, we should do so

Anthony G. Basile

Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org