On 02/06/2011 16:30, Javier Bassi wrote:
>> I hate to feed a troll, but many of us run relays that we monitor for
>> badness... it's hard to tell from your curt messages what exactly your
>> issue is or what your use case is. I'm certainly sure you're one of
>> very few people that have alleged Tor is coy about security. Maybe if
>> you laid your case out in more detail, with moderated rhetoric, we
>> could engage on substance.
>>
>> best, Joe
>
> What I think he is trying to say is that if someone finds a security
> vulnerability in Tor/Vidalia (this has happened in the past) the
> attacker can easily have a list of all IPs running relays, and may
> compromise all their machines with his 0day. And also he mentions that
> even if Tor is chrooted, the attacker can break out of the chroot
> jail. This is not as easy as it sounds. To break out of the chroot
> jail you need to escalate privileges first and how do you get root
> inside a chroot jail? (Of course if Tor was not running as root)

"If Tor has vulnerabilities, it might get exploited!" Of course, you can replace "Tor" with any other application name. Tor is not special in this regard.

--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk