[tor-relays] FreeBSD 11.1 ZFS Tor Image

Conrad Rockenhaus conrad at rockenhaus.com
Sun Feb 25 22:03:49 UTC 2018 

Wow, I didn't expect my friendly gesture to start another debate, but the 
reasoning behind offering this image was mainly for people who were operating 
on OpenStack clouds who wanted to upload the image to their infrastructure 
using glance and start things up quickly. I'm more than willing to provide the 
ansible scripts I use to initially spin things up, once I clean things up 
since there's still some manual things that can be automated.

I'll just consider this idea dead in the water. That being said:

On Sunday, February 25, 2018 3:50:44 PM CST Shawn Webb wrote:
> On Sun, Feb 25, 2018 at 09:05:00PM +0000, George wrote:
> > Conrad Rockenhaus:
> > > Hello All,
> > > 
> > > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > > that is fully configured and ready to run Tor. Right now it's an eight
> > > GB image, but I'm reducing the size by removing all of the extra stuff
> > > on it from the upgrade from FreeBSD 11 to 11.1.
> > 
> > I think it's great to ease the implementation of Tor relays,
> > particularly on BSDs.
> > 
> > However, I'd be wary of an image that I didn't build myself, personally.
> 
> I agree with that sentiment. I would rather Tor relay operators set up
> their systems themselves so that they know how that system is
> configured.
> 
> I would also suggest users run operating systems that specialize in
> security, like OpenBSD or HardenedBSD. Running Tor on FreeBSD opens
> the door to mass exploitation via copy and paste style exploits. I
> would caution against such setups. Tor has a very unique threat
> landscape and the security of the relay should be of upmost
> importance.

I'll be honest, I have never heard of a copy and paste style exploit. What is 
it? Could you provide me a link with info about it, because I run several 
FreeBSD instances and if I have a ticking timebomb on my hands, I need to fix 
it.

> 
> > The TDP wiki has a list of other BSD-offering VPSs, plus a script for
> > Vultur to build on OpenBSD. I tend to think using other people's scripts
> > that can be reviewed and hacked is a better gateway for new relay
> > operators than images.
> 
> Agreed. Not only does the Tor network need to be diversified with
> regards to operating system, but it also needs to be diversified with
> regards to hosting providers. Tor needs to be resilient against any
> and all attacks.
> 
> Thanks,

Thanks,

Conrad
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180225/e021be68/attachment.sig>

More information about the tor-relays mailing list