19 Jun
2014
19 Jun
'14
9:06 a.m.
On Wed, Jun 18, 2014 at 9:34 PM, Zack Weinberg zackw@cmu.edu wrote:
If the process listening on port 80 is the Tor process, then any vulnerability in the HTTP service it presents to port 80 can be exploited for a direct attack on the relay itself. If port 80 service is provided by a separate program (e.g. lighttpd) running under a different user ID, then an exploit of *that* program may not be able to affect the relay. That's all I meant. (The Wikipedia article is talking about a related thing, but not really the same.)
Yes, clear now, thanks for the explanation.