[tor-relays] T-shirts and Confirming Relay Control
Matthew Finkel
matthew.finkel at gmail.com
Sun May 3 21:47:55 UTC 2015
On Sun, May 03, 2015 at 08:20:54PM +0000, Matthew Finkel wrote:
> On Sun, May 03, 2015 at 12:05:49PM -0700, Aaron Hopkins wrote:
> > On Sun, 3 May 2015, Matthew Finkel wrote:
> >
> > >Assuming the path to their data dir is /var/lib/tor, we ask them to run:
> >
> > Please don't get in the habit of asking relay operators through e-mail to
> > run complex bash command lines as root. As a security practice, this is
> > terrible. (How do you know the suggested command wasn't altered before it
> > reached its recipient?)
>
> Yes, this is terrible, and I really hate the idea of asking it. I signed
> all my emails for the t-shirt requests, but now we're relying on
> everyone fetching my key and verifying the mail - so, that's also a bad
> assumption. I don't have a good solution. This is why I'm asking.
>
What if we add the commands to the t-shirt[0] website? Again, this isn't
a great solution, but we already have documentation which requires
running commands with elevated privileges on there, and it's slightly
better than sending it in an email. These commands are still more
complex than I'd like, but if beside providing an executable or
verifiable shell script, I'm running low on solutions.
[0] https://www.torproject.org/getinvolved/tshirt
Thanks,
Matt
More information about the tor-relays
mailing list