The best way to run a hidden service: one or two computers?

Robert Ransom rransom.8774 at gmail.com
Mon Sep 20 15:10:46 UTC 2010 

On Mon, 20 Sep 2010 09:58:14 -0400
hikki at Safe-mail.net wrote:

> Robert Ransom:
> 
> > If your web server and all of the interpreters and programs it runs are
> > competently written, there is no way for an attacker to get root
> > access, or even run a shell command.  Web applications and the
> > special-purpose interpreters they run on are often incompetently
> > written.
> 
> I've noticed that on most Linux distributions, Apache 2 (just an example) 
> runs as a non-privileged user on the system. Though one Apache 2 process 
> does run as Root, but it spawns unprivileged process children. So if it 
> was to be a flaw in Apache 2, or PHP, that an attacker knew about, would he 
> then be able to gain Root access if the software runs as a non-Root user?

Maybe.  Most Linux distributions do not put much effort into protecting
a system against a malicious user with shell access.  Even if you have
no local privilege-escalation holes, there are usually scary
side-channel attacks (e.g. cache-related leakage of AES keys), and you
may have already given the compromised UID permission to send arbitrary
network packets (if it can run VirtualBox, for example, the attacker
can set up a VM with a bridged network device, log in as root in the
VM, and send evil packets at will).

Also, if you haven't bothered to change your MAC address, an attacker
with any UID can read it using ifconfig; your hardware manufacturers
may have kept records of where the device(s) with that MAC address were
shipped.

> > I select the message I want to reply to, and then I click the âReplyâ
> > button in my mail client's toolbar.
> 
> The same as I do. It must be my mail provider that sucks. :)

If you have a Linux system with persistent storage, try Claws Mail.  If
you have a Windows system, gpg4win includes Claws Mail for Windows.
(Unfortunately, it leaks its version number, your GTK version number,
and its build target (including processor architecture) in an X-Mailer
header.)


Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20100920/fe5708ee/attachment.pgp>

More information about the tor-talk mailing list