[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Securing a Relay - chroot



--- On Thu, 5/26/11, CACook@xxxxxxxxxxxxxxx <CACook@xxxxxxxxxxxxxxx> wrote:

> > So you're worrying about a compromised vserver guest
> > compromising the host, which is then used to attack
> > your LAN segment?
> 
> Doesn't even have to compromise the host.  With the
> guest in the same class C it can monitor traffic.

This is not true with a vserver, they use IP aliases,
and do not have raw access to the network interface
(unless you give them those specific capabilities).

With lxc you could give it that access, but you
could also firewall its interface from within the
host so that this is not possible (unless the host
is compromised).

-Martin



_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk