The best way to run a hidden service: one or two computers?
hikki at Safe-mail.net
hikki at Safe-mail.net
Sun Sep 19 11:11:21 UTC 2010
Robert Ransom:
> The VM is optional *if* and *only if* an attacker cannot possibly get
> root on your hidden service.
How do external attackers get root access on a Linux system, and how do they
then communicate with the system as root, like listing directories and
changing configuration files as you would have done in a shell, when they're
basically limited to a hidden website with the browsers address bar and
maybe a few input forms? It gets more sensible when we're talking about
default and open websites with the server's true IP addresses and ports out
in the public, and exploitation of SSH servers. I'm just curious about that.
BTW how do you reply to specific posts? All I'm doing here is replying to
my own original post. Thanks.
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list