bad security setting for win32 tor service
Bob Monfort
monfster at gmail.com
Fri Aug 19 19:04:20 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
For what it's worth:
I've been running the tor service with a regular user account on XP
Pro, and have a data directory with the keys and cached directory
encrypted using xp EFS to the account running the tor service (as
well as my own account for convienience). Just had to give the user
account "Log on as a service" rights.
Is running it as LocalService better? I also had concern with the
service running under the System account, and want to give the
account running the tor service as little permission as possible,
even sandbox it to just the tor directory if possible.
- -Bob
> -----Original Message-----
> From: owner-or-talk at freehaven.net
> [mailto:owner-or-talk at freehaven.net] On Behalf Of Nick Mathewson
> Sent: Friday, August 19, 2005 6:49 AM
> To: or-talk at freehaven.net
> Subject: Re: bad security setting for win32 tor service
>
> On Fri, Aug 19, 2005 at 08:20:46AM -0500, Edman, Matt wrote:
> > You can also have Tor install the service as the NT
> > AUTHORITY\LocalService account. This patch on 0.1.1.5-alpha does
> > so:
>
> Matt -- I'd like to accept a patch like this. Can you explain to
> me what it would do for Tor's storage, though? J Random User
> shouldn't be able to read Tor's private keys -- can this happen if
> Tor runs as "NT AUTHORITY\LocalService" ? If so, what is the real
> solution?
>
>
> yrs,
>
> --
> Nick Mathewson
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBQwYtMLjZjQrA9LuCEQKymwCfb7ioHZKS9PQBeu3OWgMZeXFiNWQAoKIM
iDmQdvNMOb+usS5fBwUVJjG8
=xnSd
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list