[tor-talk] Securing a Relay - chroot

Eugen Leitl eugen at leitl.org
Thu May 26 14:31:42 UTC 2011


On Thu, May 26, 2011 at 06:44:19AM -0700, CACook at quantum-sci.com wrote:
> On Thursday 26 May, 2011 05:37:06 Eugen Leitl wrote:
> > Why don't you like Linux vserver? My relay did some 350 GByte/day,
> > in a vserver guest on a low-end Atom box.
> 
> It must necessarily share the network setup with the host, 

You don't have another NIC to bind it to? Isolate the
traffic via VLANs?

> and so the LAN class C since I can't set up the router 

So you're worrying about a compromised vserver guest
compromising the host, which is then used to attack
your LAN segment?

> downstream with multiple IPs.  Not secure.  Also it would 
> have the same firewall settings, and that is not acceptable either.


-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

