[tor-relays] Operating system diversity?

krishna e bera keb at cyblings.on.ca
Wed Jun 18 03:03:41 UTC 2014 

On 14-06-17 01:51 PM, grarpamp wrote:
> On Tue, Jun 17, 2014 at 10:38 AM, Jonathan D. Proulx <jon at csail.mit.edu> wrote:
>> I'm not sure if this was meant as a technical or aesthetic preference,
>> but I am curious.  Is there any technical benefit to rounning a more
>> diverse set of opensource oprating systems for tor nodes? I discount
>> closed source as we don't know what's going on in there.
>>
>> Would that present significantly different attack surfaces? I can
>> imagine a vulnerability in the TCP stack or other kernel functionality
>> in Linux would not be the saem in FreeBSD or vice versa...
>>
>> My nodes are currently Ubuntu but if there's a reason to do so I
>> coould possibly switch OS to FreeBSD (or hurd does tor run on hurd :))
> 
> These surface differences result in real world immunities. If all you're running
> is one thing, and that one thing gets cracked, it's over. This happens all the
> time. And it's not just the kernel, it's also the differences in libraries, etc.
> So yes, for that purpose regarding the Tor network, don't pick Linux
> or Windows. If you want to play and learn something new and not closed
> source, pick one of the BSD's... Free, open, dfly, net. FreeBSD is the
> obvious general choice, the others will subject you to more specific challenges.
> 
> 4796 Linux
> 1650 Windows
>  294 FreeBSD
>   75 Darwin
>   35 OpenBSD
>    9 NetBSD
>    4 Bitrig
>    2 SunOS
>    2 GNU/kFreeBSD
>    2 DragonFly

Within the (GNU/)"Linux" category there are significant differences
among the distros.  One obvious example is they dont all ship with the
same OpenSSL version.  Something as simple as enabling and configuring
the firewall (or adding a firewall layer like a router) can set your
relay apart from most of the default installs out there.  Compiling Tor
or the kernel or libevent, for example, with different versions of the
compiler or custom options can give different behaviour to attacks.

My point being, if you dont know an operating system well, it may not be
safer to put a relay on it.  Perhaps better to maintain an O/S you know
well, study its security properties, and use customizations to give it a
different attack surface.

More information about the tor-relays mailing list