Question About Security Threat from Tor
Michael
cozzi at cozziconsulting.com
Sun Jun 28 18:30:16 UTC 2009
Jim McClanahan wrote:
> Hi,
>
> I have read on this mailing list several times about how some previous
> versions of Tor contain vulnerabilities that can threaten the host
> machine itself. I am reminded of this again with Pei Hanru's excellent
> work tracking down the "tbreg mystery." (I too say "thank you".) While
> I understand that all software has bugs, some of which can be exploited
> for malicious purposes, I've long wondered how such vulnerabilities in
> Tor threaten the host itself if Tor is being run (as recommended) as an
> unprivileged user.
>
> Can somebody explain, or point me to an explanation? Thanks.
>
Hi Jim,

Not so much related to Tor itself, but more toward general security.
If a standard user account were to be compromised, that's the first step
in getting control of a machine. Even with Tor running as an
unprivileged user, if a security problem were exploited, that could lead
to unprivileged access to the machine - then the attacker just has to
find a suitable way to crack the box through an exploit, polluted
binaries, or even a scripted dictionary attack on the box from inside.
But you run this same risk from any internet-facing service.

The best first defense is to make sure everything is patched (along
with the standard firewalling, log analysis, and general paranoia).

From a personal standpoint, I usually recommend so-called "enterprise"
distributions of Linux or BSD variants. They don't always have the
latest whiz-bang features, but from a security standpoint they have been
bashed about enough that they might be a little more hardened than others.
This is of course from the standpoint of *nix.

On a Windows XP or earlier setup, most user servers are running with
administrative privileges. You can guess where that can end up. It's
better (a bit) on server versions of Windows.

I can't comment on anything related to OSX; the last version I ran
was developer release one. But the principles are the same.

Michael
More information about the tor-talk mailing list