[tor-relays] Operator straw poll: Reasons why you use Tor LTS versions?

Sebastian Hahn mail at sebastianhahn.net
Sat Sep 7 11:37:21 UTC 2019



> On 7. Sep 2019, at 12:20, teor <teor at riseup.net> wrote:
> 
> Hi,
> 
> On 6 Sep 2019, at 20:14, Roman Mamedov <rm at romanrm.net> wrote:
> 
>>> Where does the security weakpoint risk come from? Does
>>> apt-transport-tor/onion service repository availability help in your
>>> mind here?
>> 
>> As with adding any third-party repository, it means trusting the repository
>> provider to install and run any root-privilege code on the machine. In case
>> the repository server (or actually the release process, including signing) is
>> compromised, on the next update it can serve malicious or backdoored versions
>> of the software. So naturally from the security standpoint it is beneficial to
>> add (and trust) as few repositories as possible, just to reduce the "attack
>> surface".
> 
> So one thing Tor could do here is run easily and securely without root?
> 
> T

Not really I think. I kind of subscribe to the same argument (I think it is the
same argument at least) for almost all software I install:
 - I want fast and low-risk updates in the case of a security update, so
   please give me a patch that fixes only the security issue
 - I want a low-hassle installation, so frequently updating (more frequently
   than every other year or so) is really annoying. Especially if there could
   be changes in the configuration that I have to adapt, and even more so if
   I cannot have confidence that all configuration changes I might need to
   make are given during the update.
 - I never want a software to update without my knowledge, so absolutely no
   phoning home for updates/automatically updating. Even without root. Being
   able to execute a binary on a system is not very far from being root on
   that system these days.

I think I apply this to every software with the exception of Tor, and for Tor
I only do it because of my project involvement and the big trust I put into
the maintainers of our repository. For other stuff, I just stop running it
if it doesn't work out of the box provided by my distribution.

Cheers
Sebastian


More information about the tor-relays mailing list