RE: Re: PHP coder needs Tor details

2007-02-13 Thread Tony
Actually Windows does exactly the same thing. e.g. the 'Network Service' and 
'Local Service' accounts. See 
http://www.microsoft.com/technet/security/midsizebusiness/topics/networksecurity/securingaccounts.mspx
 
People seem to forget that the original and worst worm outbreak ever - that 
effectively shut down the internet for days was on UNIX...
 
Windows might have its problems but they are not unique.



From: [EMAIL PROTECTED] on behalf of Juliusz Chroboczek
Sent: Tue 13/02/2007 06:53
To: or-talk@freehaven.net
Subject: Re: PHP coder needs Tor details



> To shorten... How do I allow nobody to utilize Tor (It can already
> do that but I must start it like a root and stop it like a root)

Please don't.

The very reason Unix is more secure than Windows is that Unix actively
uses the permission system to prevent insecure things like PHP from
munging the networking daemons.  By running PHP with higher
privileges, you'll make your Unix system just as insecure as Windows.

Juliusz





RE: Re: PHP coder needs Tor details

2007-02-13 Thread Tony
Windows hasn't rendered active content by default since XP SP2. It has never 
rendered it by default in Vista or Windows 2003.

Windows also no longer runs as administrator by default (I guess you haven't used 
Vista yet).

It's not just in theory. For instance IIS is now so improved that many sites fed 
up with the constant hacking, exploits, defacements and patching regime 
dependency compatibility issues that they experience on Linux are migrating 
over to Windows server 2003. This has been a consistent trend for some time now 
and Apache just dropped below 60% market share for the first time since 2002 as 
a direct result of cumulative migrations from Linux to Windows.

As you say 'most installations are now secure by default'. Touché. 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eugen Leitl
Sent: 13 February 2007 10:34
To: or-talk@freehaven.net
Subject: Re: Re: PHP coder needs Tor details

On Tue, Feb 13, 2007 at 10:25:54AM -, Tony wrote:

This is offtopic, but...

> Actually Windows does exactly the same thing. e.g. the 'Network 
> Service' and 'Local Service' accounts. See 
> http://www.microsoft.com/technet/security/midsizebusiness/topics/networksecurity/securingaccounts.mspx

The point is that rendering active content is default, and running everything 
as administrator is default (in fact, most Windows userland software needs to 
be installed and run as administrator) -- the technology and the culture 
conspire to give us the 250 Mzombie Internet experience we love.
  
> People seem to forget that the original and worst worm outbreak ever - that 
> effectively shut down the internet for days was on UNIX...

That was a long time ago. Unix is diverse, and most installations are now 
secure by default. The technology and the culture work together, and lower 
profile is one of the key points that diversity is good, monoculture is bad.
  
> Windows might have its problems but they are not unique.

You're correct only in theory.

--
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


Re: Re: PHP coder needs Tor details

2007-02-13 Thread Paul Syverson
On Tue, Feb 13, 2007 at 07:12:01PM -, Tony wrote:
> Microsoft Outlook is part of Microsoft Office - not part of Windows. Possibly 
> you mean Outlook Express. 
 
[snip]

This off-topic thread has gone on for too long.
Please stop this thread now.
-Paul

--
Paul Syverson  ()  ascii ribbon campaign  
Contact info at http://www.syverson.org/   /\  against html e-mail


Re: PHP coder needs Tor details

2007-02-13 Thread qbitspline


On Feb 13, 2007, at 9:37 AM, Michael Holstein wrote:



> Because TOR is running in the foreground in that terminal. If you
> want to background the process, put a '&' after the command .. eg:
>
> '/path/to/tor &'



Or you could put the following entry in the config file:

 RunAsDaemon 1 


Re: PHP coder needs Tor details

2007-02-13 Thread Mr. Blue
Hey Crew.

Thanks to all for your help.

First of all I would like to say that this file.php (which is manipulating Tor) 
will be located in admin area ONLY and will be intended for use ONLY by admin.
Admin area is protected by Apache pass authentication (Digest) over SSL and 
after that is passed, admin must enter another login password to enter admin 
area.

Only admin will use it - NOT publicly available to users!

Next
Firstly I need to issue to shell, from PHP, command that will start Tor.
Regarding that command...
It will have ALL directives that should normally be located in torrc, but 
there is no torrc, nor do I have any intention to use it.
So command is:
--
tor -gid $gid -pidfile $pidfile -RunAsDaemon $b -user $uid -ClientOnly 1 
-EntryNodes $nickname, -ExitNodes $nickname -StrictExitNodes 1 
-NewCircuitPeriod 3600 -
--
Regarding nodes
Entry and exit nodes will be same.

Before I continue I would like to say that I have made a PHP script that is 
utilizing regular expressions and harvesting all exit nodes in a list of IP 
addresses from moria dirs.
So I would like to pull from my database IP of a node (NOT nickname) and put it 
in a $nickname variable.
Will this work? Can I select node by IP and NOT by nickname?

Also when that will be achieved I am going to use PHP cURL and connect with it 
to 127.0.0.1:9050 using SOCKS5 protocol - then do request to some page on the 
internet and finally use POSIX - posix_kill($pidfile, SIGTERM); php function to 
shutdown Tor, alternatively use kill to which I pass $pidfile, all in shell.

Now someone will say that I should connect to Tor using SOCKS4a and am I 
normal to use ONLY 1 node which will be entry and exit at the same time.
Be sure that I am VERY aware of my actions - but I am not here because I don't 
want to be tracked and because I want to surf anonymously.

Now here we come to the biggest obstacle for me. (oh man, soon as I finish this 
script I am going to read FreeBSD book that I just got and learn that UNIX at 
once!)
Creating a valid shell command:
--
 tor -gid $gid -pidfile $pidfile -RunAsDaemon $b -user $uid -ClientOnly 1 
-EntryNodes $nickname, -ExitNodes $nickname -StrictExitNodes 1 
-NewCircuitPeriod 3600 -
 --
User nobody will run it.
 - Should I exclude -gid $gid part?
 - Should $b variable be 0 OR 1 (that is..., should I run it as daemon?)
 - Should I exclude -user $uid part?
 - What about $nickname? Can I pass it IP of a node?
 - What should I put in a $pidfile variable?!? - I never saw one (number or 
letters?) It will also be used for shutting down Tor at the end of a process...

Also I just remembered something...
When tor was already running (started by root) I was able to utilize connection 
through it by nobody, but when I attempted shutdown I got message that there was 
no process with pid belonging to it - or something similar - so that explains 
all.

Thanks in advance...
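
An added example (not code from this thread or from the Tor project) of the start/stop cycle asked about above, done without raising PHP's privileges: Tor is started by the same unprivileged account PHP runs as, with its pid file and data directory in a directory that account owns, so the same account can later signal it. The binary path, run directory and function names are assumptions; the nickname check uses Tor's rule of 1 to 19 alphanumeric characters, and posix_kill() needs PHP's posix extension.

```php
<?php
// Added example. TOR_BIN, RUN_DIR and the function names are assumptions.
const TOR_BIN  = '/usr/local/bin/tor';   // assumed install path
const RUN_DIR  = '/var/tmp/tor-www';     // assumed; owned by the PHP user, mode 0700
const PID_FILE = RUN_DIR . '/tor.pid';   // a path; tor writes its PID into this file

function build_tor_command(string $exitNickname): string
{
    // Reject anything that is not a Tor nickname before it reaches a shell.
    if (!preg_match('/^[A-Za-z0-9]{1,19}$/', $exitNickname)) {
        throw new InvalidArgumentException('invalid node nickname');
    }
    $opts = [
        '--RunAsDaemon'   => '1',
        '--PidFile'       => PID_FILE,
        '--DataDirectory' => RUN_DIR,
        '--SocksPort'     => '9050',
        '--ClientOnly'    => '1',
        '--ExitNodes'     => $exitNickname,
    ];
    $cmd = escapeshellarg(TOR_BIN);
    foreach ($opts as $name => $value) {
        $cmd .= ' ' . $name . ' ' . escapeshellarg($value);
    }
    return $cmd . ' > /dev/null 2>&1';
}

function start_tor(string $exitNickname): int
{
    @unlink(PID_FILE); // drop a stale pid file from an earlier run
    exec(build_tor_command($exitNickname), $output, $status);
    if ($status !== 0) {
        throw new RuntimeException('tor exited with status ' . $status);
    }
    for ($i = 0; $i < 50 && !is_file(PID_FILE); $i++) {
        usleep(100000); // wait up to 5 s for the daemon to write its pid file
    }
    $pid = (int) trim((string) @file_get_contents(PID_FILE));
    if ($pid <= 1) {
        throw new RuntimeException('no usable PID in ' . PID_FILE);
    }
    return $pid;
}

function stop_tor(int $pid): bool
{
    // Works without root because tor runs under the same UID as PHP.
    return posix_kill($pid, 15); // 15 = SIGTERM
}
```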

 