[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] EFF Tor Challenge

On Thursday, June 2, 2011, Javier Bassi <javierbassi@xxxxxxxxx> wrote:
> What is think he is trying to say is that if someone finds a security
> vulnerability in Tor/Vidalia (this has happened in the past) the
> attacker can easily have a list of all IPs running relays, and may
> compromise all their machines with his 0day. And also he mention that
> even if Tor is chrooted, the attacker can break out of the chroot
> jail. This is not as easy as it sounds. To break out of the chroot
> jail you need to escalate privileges first and how do you get root
> inside a chroot jail? ( Of course if Tor was not running as root)

Fascinating, this does make the argument much more clear. best, Joe

Joseph Lorenzo Hall
ACCURATE Postdoctoral Research Associate
UC Berkeley School of Information
Princeton Center for Information Technology Policy
tor-talk mailing list