[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Debian relay Puppet module



On Wed, Jun 18, 2014 at 9:34 PM, Zack Weinberg <zackw@xxxxxxx> wrote:
> If the process listening on port 80 is the Tor process, then any
> vulnerability in the HTTP service it presents to port 80 can be
> exploited for a direct attack on the relay itself.  If port 80 service
> is provided by a separate program (e.g. lighttpd) running under a
> different user ID, then an exploit of *that* program may not be able
> to affect the relay.  That's all I meant.  (The Wikipedia article is
> talking about a related thing, but not really the same.)

Yes, clear now, thanks for the explanation.

-- 
http://about.me/alexanderfortin
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays