[tor-talk] EFF Tor Challenge

Marsh Ray marsh at extendedsubset.com
Thu Jun 2 01:41:47 UTC 2011


On 06/01/2011 07:35 PM, CACook at quantum-sci.com wrote:
> On Wednesday 1 June, 2011 16:39:22 Javier Bassi wrote:
>> I have to say I felt a bit disappointed when I saw that the EFF
>> was also running a middle node. I thought they would be running
>> the openest exit node.

Everybody's gotta choose their battles and the EFF has chosen enough of
them to earn my great admiration.

> Although, until a Best Practices emerges for running a relay
> securely, I won't be running a relay at all.  We went over this in
> detail here recently.  The three methods I can think of have
> problems:
>
> - chroot jail can be broken by a skilled cracker.

Yeah it's usually a matter of only a few weeks between when local privilege
escalation exploits for Linux are published on lists like
Full-Disclosure, and those are just the ones that are not sold. Security 
boundaries on shared commodity hardware have almost always turned out to 
be ineffective. They're a myth, like Santa Claus, one that basically 
honest and good-natured people agree to believe in because of the huge 
cost savings it enables (over having to purchase separate hardware for 
every category of data).

But this latest round of virtualization technology is holding up better 
than I'd expected.

> - VirtualBox VM bridged to LAN still must share the LAN class C, and
> could potentially monitor internal traffic.   (And please don't
> quibble with me calling it a class C... they have to make up a name
> and stick with it.  I still call Nissans a Datsun)

No, you're factually wrong on the deeper point. The muddy terminology is 
just a symptom.

> - VPN to router, most routers do not have VPN functionality, only the
> business-class like ProSafe.

Don't forget the host-only virtual networking that was suggested too.

> Until Best Practices are defined, many of us will be wary as we know
> what is possible.

Yes, everyone should think and plan carefully before running anything 
that accepts incoming connections from the internet. However, the 
millions of actual servers on the internet show that many can accomplish 
it in practice (both well and poorly). A Tor internal node is not really 
special in this regard and, actually, its attack surface is relatively 
limited in comparison. Just imagine trying to secure a full-featured 
multiuser mail server!

Personally I'm more concerned about running Wordpress or any other
random PHP app than Tor.

- Marsh

