[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] EFF Tor Challenge



On 02/06/2011 16:30, Javier Bassi wrote:

>> I hate to feed a troll, but many of us run relays that we monitor for
>> badness... it's hard to tell from your curt messages what exactly your
>> issue is or what your use case is. I'm certainly sure you're one of
>> very few people that have alleged Tor is coy about security. Maybe if
>> you laid your case out in more detail, with moderated rhetoric, we
>> could engage on substance. best, Joe
> 
> What is think he is trying to say is that if someone finds a security
> vulnerability in Tor/Vidalia (this has happened in the past) the
> attacker can easily have a list of all IPs running relays, and may
> compromise all their machines with his 0day. And also he mention that
> even if Tor is chrooted, the attacker can break out of the chroot
> jail. This is not as easy as it sounds. To break out of the chroot
> jail you need to escalate privileges first and how do you get root
> inside a chroot jail? ( Of course if Tor was not running as root)

"If Tor has vulnerabilities, it might get exploited!"

Of course, you can replace "Tor" with any other application name. Tor is
not special in this regard.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk