[tor-relays] Debian relay Puppet module

Alexander Fortin alexander.fortin at gmail.com
Thu Jun 19 06:06:12 UTC 2014


On Wed, Jun 18, 2014 at 9:34 PM, Zack Weinberg <zackw at cmu.edu> wrote:
> If the process listening on port 80 is the Tor process, then any
> vulnerability in the HTTP service it presents to port 80 can be
> exploited for a direct attack on the relay itself.  If port 80 service
> is provided by a separate program (e.g. lighttpd) running under a
> different user ID, then an exploit of *that* program may not be able
> to affect the relay.  That's all I meant.  (The Wikipedia article is
> talking about a related thing, but not really the same.)

Yes, clear now, thanks for the explanation.

-- 
http://about.me/alexanderfortin


More information about the tor-relays mailing list