[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: The best way to run a hidden service: one or two computers?

Thus spake Robert Ransom (rransom.8774@xxxxxxxxx):

> On Sat, 25 Sep 2010 17:04:14 -0700
> Mike Perry <mikeperry@xxxxxxxxxx> wrote:
> > Thus spake coderman (coderman@xxxxxxxxx):
> > 
> > > however, if an attacker has access to read this locally they've
> > > already compromised you to a degree that random mac affords no
> > > protection...
> > 
> > Is this really true?
> If you are running a hidden service, on a computer with no network
> access except through Tor, no -- you might not be hosed just by an
> attacker being able to run a shell command, but leaking an actual MAC
> address from an actual NIC might get you tracked down.  (An attacker
> with shell access can read your MAC address on Linux just by running
> ifconfig, even as an ordinary user.)

Hah, yah, I forgot the context of this thread was hidden service
threats. This thought popped into my head a day after reading
coderman's original post and thinking about securing plugins in
Google Chrome.

But yes, your statement about command injection is absolutely true. In
fact, in some cases commands that run may even be restricted by an
AppArmour or SELinux policy (if you run Ubuntu 10 or Centos 5), but an
attacker still could run some socket syscalls and commands with these
limited privs.

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Attachment: pgpCgRCP41nYA.pgp
Description: PGP signature