[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?
On Sat, 7 Sep 2019 20:20:06 +1000
teor <teor@xxxxxxxxxx> wrote:
> > As with adding any third-party repository, it means trusting the repository
> > provider to install and run any root-privilege code on the machine. In case
> > the repository server (or actually the release process, including signing) is
> > compromised, on the next update it can serve malicious or backdoored versions
> > of the software. So naturally from the security standpoint it is beneficial to
> > add (and trust) as few repositories as possible, just to reduce the "attack
> > surface".
>
> So one thing Tor could do here is run easily and securely without root?
This will not address the concern, because AFAIK in Debian the package
management scripts (contained inside the .deb's DEBIAN dir: preinst, postinst,
prerm and postrm) always run with root privileges on package addition or
removal.
--
With respect,
Roman
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays