On 7. Sep 2019, at 12:20, teor <teor@riseup.net> wrote:
Hi,
On 6 Sep 2019, at 20:14, Roman Mamedov <rm@romanrm.net> wrote:
Where does the security weak point risk come from? Does apt-transport-tor/onion service repository availability help in your mind here?
As with adding any third-party repository, it means trusting the repository provider to install and run any root-privilege code on the machine. In case the repository server (or actually the release process, including signing) is compromised, on the next update it can serve malicious or backdoored versions of the software. So naturally from the security standpoint it is beneficial to add (and trust) as few repositories as possible, just to reduce the "attack surface".
So one thing Tor could do here is run easily and securely without root?
T
Not really I think. I kind of subscribe to the same argument (I think it is the same argument at least) for almost all software I install:

- I want fast and low-risk updates in the case of a security update, so please give me a patch that fixes only the security issue
- I want a low-hassle installation, so frequently updating (more frequently than every other year or so) is really annoying. Especially if there could be changes in the configuration that I have to adapt, and even more so if I cannot have confidence that all configuration changes I might need to make are given during the update.
- I never want a software to update without my knowledge, so absolutely no phoning home for updates/automatically updating.

Even without root. Being able to execute a binary on a system is not very far from being root on that system these days.
I think I apply this to every software with the exception of Tor, and for Tor I only do it because of my project involvement and the big trust I put into the maintainers of our repository. For other stuff, I just stop running it if it doesn't work out of the box provided by my distribution.
Cheers
Sebastian