Changes between Version 58 and Version 59 of doc/OperationalSecurity


Ignore:
Timestamp:
Apr 23, 2010, 10:48:27 AM (9 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • doc/OperationalSecurity

    v58 v59  
    247247See Steven J Murdoch's guide to [:TheOnionRouter/TorInChroot: running Tor in a chroot] and/or [:TheOnionRouter/OpenbsdChrootedTor: running Tor in an OpenBSD chroot].
    248248
    249 Be careful when reading [http://tor.eff.org/docs/tor-doc-server.html.en the official tor install procedure], the expression "If you're the paranoid sort, feel free to put Tor into a chroot jail" is possibly misleading.
     249Be careful when reading [https://www.torproject.org/docs/tor-doc-server.html.en the official tor install procedure], the expression "If you're the paranoid sort, feel free to put Tor into a chroot jail" is possibly misleading.
    250250
    251251Chroot is a good jail for root privilege processes only on FreeBSD 4.x or newer. On other platforms, chroot is a [http://www.bpfh.net/simes/computing/chroot-break.html corruptible jail] ! For those not reading this link, you need to know that the corruption works with a hole in tor, and a hole in the platform to get root privileges.  If you do not run Tor as root, nor provide any suid executables within the chroot environment you are not at risk.
     
    399399== Other Resources ==
    400400
    401          Resources ==
    402401[http://www.cert.org/security-improvement/ CERT® Security Improvement Modules]
    403402