
Re: Question About Security Threat from Tor



Jim McClanahan wrote:
Hi,

I have read on this mailing list several times about how some previous
versions of Tor contain vulnerabilities that can threaten the host
machine itself.  I am reminded of this again with Pei Hanru's excellent
work tracking down the "tbreg mystery."  (I too say "thank you".)  While
I understand that all software has bugs, some of which can be exploited
for malicious purposes, I've long wondered how such vulnerabilities in
Tor threaten the host itself if Tor is being run (as recommended) as an
unprivileged user.

Can somebody explain, or point me to an explanation?  Thanks.

   Hi Jim,

Not so much related to Tor itself, but more toward general security. If a standard user account were to be compromised, that's the first step in getting control of a machine. Even with Tor running as an unprivileged user, if a security problem were exploited, that could lead to unprivileged access to the machine; then the attacker just has to find a suitable way to crack the box through an exploit, polluted binaries, or even a scripted dictionary attack on the box from inside. But you run this same risk from any internet-facing service.

The best first defense is to make sure everything is patched (along with the standard firewalling, log analysis, and general paranoia). From a personal standpoint, I usually recommend so-called "enterprise" distributions of Linux or BSD variants. They don't always have the latest whizbang features, but from a security standpoint they have been bashed about enough that they might be a little more hardened than others.

   This is of course from the standpoint of *nix.

On a Windows XP or earlier setup, most user servers are running with administrative privileges. You can guess where that can end up. It's better (a bit) on server versions of Windows.

I can't comment on anything related to OSX, the last version I ran was developer release one. But the principles are the same.

   Michael
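As an added illustration of the point above about unprivileged versus privileged services (example code, not part of the thread), the following POSIX shell functions audit `ps -eo user,pid,comm` output for network-facing daemons still running as root; the SAMPLE_PS process list is constructed here so the script runs offline.

```shell
#!/bin/sh
# Added example: audit which daemons run as root versus an unprivileged account.
# SAMPLE_PS is constructed data in the `ps -eo user=,pid=,comm=` format;
# on a live host replace it with: SAMPLE_PS=$(ps -eo user=,pid=,comm=)
SAMPLE_PS='root 1 init
root 612 sshd
tor 845 tor
www-data 901 apache2
root 955 nginx'

# privileged_services PS_OUTPUT NAME...
# Prints, one per line, each NAME that appears in PS_OUTPUT running as root.
privileged_services() {
  ps_out=$1
  shift
  for svc in "$@"; do
    printf '%s\n' "$ps_out" | awk -v s="$svc" '$1 == "root" && $3 == s { print s }'
  done
}

# runs_unprivileged PS_OUTPUT NAME
# Exit 0 only if NAME is running and none of its processes are owned by root.
runs_unprivileged() {
  printf '%s\n' "$1" | awk -v s="$2" '
    $3 == s { found = 1; if ($1 == "root") asroot = 1 }
    END { exit (found && !asroot) ? 0 : 1 }'
}

# Usage: report internet-facing daemons (assumed list) still running as root.
for name in $(privileged_services "$SAMPLE_PS" tor sshd nginx apache2); do
  echo "WARNING: $name is running as root"
done
if runs_unprivileged "$SAMPLE_PS" tor; then
  echo "tor is running as an unprivileged user"
fi
```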