[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] EFF Tor Challenge

On Thu, Jun 2, 2011 at 11:35 AM, Joseph Lorenzo Hall <joehall@xxxxxxxxx> wrote:
> I hate to feed a troll, but many of us run relays that we monitor for
> badness... it's hard to tell from your curt messages what exactly your
> issue is or what your use case is. I'm certainly sure you're one of
> very few people that have alleged Tor is coy about security. Maybe if
> you laid your case out in more detail, with moderated rhetoric, we
> could engage on substance. best, Joe

What is think he is trying to say is that if someone finds a security
vulnerability in Tor/Vidalia (this has happened in the past) the
attacker can easily have a list of all IPs running relays, and may
compromise all their machines with his 0day. And also he mention that
even if Tor is chrooted, the attacker can break out of the chroot
jail. This is not as easy as it sounds. To break out of the chroot
jail you need to escalate privileges first and how do you get root
inside a chroot jail? ( Of course if Tor was not running as root)
tor-talk mailing list