[tor-talk] Securing a Relay - chroot

CACook at quantum-sci.com CACook at quantum-sci.com
Wed May 25 19:30:58 UTC 2011


I am seeing evidence that a chroot jail is not secure, even in Linux, due to breakouts such as  someone running os.fork() from python and spawning processes to do bad stuff.

For torrents I run Debian in a VirtualBox virtual machine which is bridged directly to The Internets, with the VM user and user inside being very non-prived.  My best information is that this is quite secure.

Has anyone done any research on best practices for securing a daemon?


More information about the tor-talk mailing list