The best way to run a hidden service: one or two computers?

katmagic the.magical.kat at gmail.com
Sat Sep 18 17:35:51 UTC 2010


On Fri, 17 Sep 2010 16:36:16 -0400
hikki at Safe-mail.net wrote:

> Robert Ransom:
> 
> > Only if you trust the hardware firewall/router. I wouldn't.
> 
> Okay so there aren't that many safe options to run a hidden service
> really, if any at all?
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo at torproject.org with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

The router issue is only relevant if you're exploited, and if you're
running a firewall, get exploited on the root level, too. I'd look into
privilege separation software if you're really serious about security,
specifically AppArmor and SELinux, or systrace if you're on *BSD.
(AppArmor is much simpler than SELinux, though SELinux is probably more
powerful. Personally, I like systrace the best.) Just make sure you
update frequently, and you'll probably be good. :-)

--
more than just a leitmotif
PGP Key ID: 33E22AB1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20100918/920146b6/attachment.pgp>


More information about the tor-talk mailing list