[tor-talk] Another openssl advisory: Tor seems not to be affected (Chroot?)

Tom Ritter tom at ritter.vg
Thu Apr 19 16:01:22 UTC 2012


On 19 April 2012 11:50, Fabio Pietrosanti (naif) <lists at infosecurity.ch> wrote:
> Apache does it with Mod_Security:
> http://www.modsecurity.org/documentation/apache-internal-chroot.html
>
> ProFTPD does it with DefaultRoot:
> http://www.proftpd.org/docs/directives/linked/config_ref_DefaultRoot.html

To add another data point, Colin Percival has blogged about how he
terminates SSL connections in a jail to mitigate this risk.
http://www.daemonology.net/blog/2009-09-28-securing-https.html

-tom


More information about the tor-talk mailing list