[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: The best way to run a hidden service: one or two computers?

On Fri, 17 Sep 2010 16:36:16 -0400
hikki@xxxxxxxxxxxxx wrote:

> Robert Ransom:
> > Only if you trust the hardware firewall/router. I wouldn't.
> Okay so there aren't that many safe options to run a hidden service
> really, if any at all?
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

The router issue is only relevant if you're exploited, and if you're
running a firewall, get exploited on the root level, too. I'd look into
privilege separation software if you're really serious about security,
specifically AppArmor and SELinux, or systrace if you're on *BSD.
(AppArmor is much simpler than SELinux, though SELinux is probably more
powerful. Personally, I like systrace the best.) Just make sure you
update frequently, and you'll probably be good. :-)

more than just a leitmotif
PGP Key ID: 33E22AB1

Attachment: signature.asc
Description: PGP signature