[tor-talk] Another openssl advisory: Tor seems not to be affected (Chroot?)

Tom Ritter tom at ritter.vg
Thu Apr 19 16:01:22 UTC 2012

On 19 April 2012 11:50, Fabio Pietrosanti (naif) <lists at infosecurity.ch> wrote:
> Apache does it with Mod_Security:
> http://www.modsecurity.org/documentation/apache-internal-chroot.html
> ProFTPD does it with DefaultRoot:
> http://www.proftpd.org/docs/directives/linked/config_ref_DefaultRoot.html

To add another data point, Colin Percival has blogged about how he
terminates SSL connections in a jail to mitigate this risk.


More information about the tor-talk mailing list