19 Jun
2014
19 Jun
'14
6:06 a.m.
On Wed, Jun 18, 2014 at 9:34 PM, Zack Weinberg <zackw@cmu.edu> wrote:
If the process listening on port 80 is the Tor process, then any vulnerability in the HTTP service it presents to port 80 can be exploited for a direct attack on the relay itself. If port 80 service is provided by a separate program (e.g. lighttpd) running under a different user ID, then an exploit of *that* program may not be able to affect the relay. That's all I meant. (The Wikipedia article is talking about a related thing, but not really the same.)
Yes, clear now, thanks for the explanation. -- http://about.me/alexanderfortin