[Tor-BSD] Tor relay guide input

Vinícius Zavam egypcio at googlemail.com
Fri Jan 12 11:59:56 EST 2018


2018-01-12 15:15 GMT+00:00 Shawn Webb <shawn.webb at hardenedbsd.org>:
>
> On Fri, Jan 12, 2018 at 03:07:00PM +0000, George Rosamond wrote:
> > nusenu:
> > >
> > >
> > > George Rosamond:
> > >> The Tor Project is assembling a general guide/brochure for configuring
> > >> relays.
> > >>
> > >> https://trac.torproject.org/projects/tor/wiki/TorRelayGuide
> > >>
> > >> Clearly, a lot of BSD-related information needs updating, and
> > >> NetBSD/Dragonfly should be added.
> > >
> > > Would you volunteer to become the maintainer of those operating systems?
> > > (I didn't add them because I believe that people using them will not have a
> > > hard time installing tor and I have already 8 others to keep an eye on)
> > >
> >
> > I will see what I can do on this...
> >
> > >> Lots of *BSD related information is
> > >> missing and/or inaccurate.
> > >
> > > Can you say more about what is inaccurate about the installation steps
> > > for FreeBSD and HardenedBSD?

https://lists.torproject.org/pipermail/tor-relays/2018-January/014115.html

> > I don't know much about HardenedBSD and its userland differences with
> > FreeBSD, if any, but there are "automatic package updates supported"
> > with FreeBSD with pkg(8)
>
> `pkg upgrade` is cronnable, so both FreeBSD and HardenedBSD could
> perform automatic (and unattended) package upgrades via a cronjob. And
> with that, all the boxes in the grid linked to at [1] should be green
> for FreeBSD and HardenedBSD.
>
> On HardenedBSD 11-STABLE/amd64, Tor is compiled with SafeStack. On
> HardenedBSD 12-CURRENT/amd64, Tor is compiled with both SafeStack and
> CFI with the cfi-icall scheme disabled. We're the only OS to ship Tor
> with those exploit mitigations enabled.
>
> >
> > The other inaccuracies are about OpenBSD which does release binaries
> > usually within 24 hours of a port update, and the port updates are very
> > quick (ty, Pascal), pkg updates can be easily automated and binary
> > updates for the base OS are supported on -stable with syspatch(8).
> >
> > What is exactly meant by "multi-instance support"? Running multiple Tor
> > daemons?  (the language of the cloud invading operating systems...)
>
> Multi-instance Tor (running multiple Tor daemons) is easy on FreeBSD
> and HardenedBSD. The rc script supports it natively. Additionally, one
> can run multiple jails, each with their own Tor instance (this is what
> Emerald Onion does). I'm sure OpenBSD could use chroot.

multi-instance; please. don't.
jails++

> [1]: https://twitter.com/nusenu_/status/948588580032712704
>
> Thanks,
>
> --
> Shawn Webb
> Cofounder and Security Engineer
> HardenedBSD
>
> Tor-ified Signal:    +1 443-546-8752
> GPG Key ID:          0x6A84658F52456EEE
> GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE


--
Vinícius Zavam
keybase.io/egypcio/key.asc