[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] Securing a Relay - chroot

I am seeing evidence that a chroot jail is not secure, even in Linux, due to breakouts such as  someone running os.fork() from python and spawning processes to do bad stuff.

For torrents I run Debian in a VirtualBox virtual machine which is bridged directly to The Internets, with the VM user and user inside being very non-prived.  My best information is that this is quite secure.

Has anyone done any research on best practices for securing a daemon?
tor-talk mailing list