tor-ramdisk 20101227 released
Hi everyone

I want to announce to the list that a new release of tor-ramdisk is out.

Tor-ramdisk is an i686, x86_64 or MIPS uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Security is enhanced by hardening the kernel and binaries, and privacy is enhanced by forcing logging to be off at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key, which may be exported/imported by FTP or SCP.

Changelog:

This release incorporates an important security fix from upstream. Tor was bumped to version 0.2.1.28 to address CVE-2010-1676. Busybox was bumped to 1.18.1 and the kernel to 2.6.32.27 plus Gentoo's hardened-patches-2.6.32-34.extras.

i686:
Homepage: http://opensource.dyc.edu/tor-ramdisk
Download: http://opensource.dyc.edu/tor-ramdisk-downloads

x86_64:
Homepage: http://opensource.dyc.edu/tor-x86_64-ramdisk
Download: http://opensource.dyc.edu/tor-x86_64-ramdisk-downloads

MIPS:
Homepage: http://opensource.dyc.edu/tor-mips-ramdisk
Download: http://opensource.dyc.edu/tor-mips-ramdisk-downloads

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/

tor-ramdisk 20101207 released
Hi everyone

I want to announce to the list that a new release of tor-ramdisk is out.

Tor-ramdisk is an i686, x86_64 or MIPS uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Security is enhanced by hardening the kernel and binaries, and privacy is enhanced by forcing logging to be off at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key, which may be exported/imported by FTP or SSH.

Changelog:

This release adds scp functionality using openssh-5.6p1 to export/import the configuration file and private RSA key. The build system was reworked to build dynamically linking binaries rather than static. Also, tor was updated to 0.2.1.27, busybox to 1.17.4, and the kernel to 2.6.32.25 plus Gentoo's hardened-patches-2.6.32-30.extras.

i686:
Homepage: http://opensource.dyc.edu/tor-ramdisk
Download: http://opensource.dyc.edu/tor-ramdisk-downloads

x86_64:
Homepage: http://opensource.dyc.edu/tor-x86_64-ramdisk
Download: http://opensource.dyc.edu/tor-x86_64-ramdisk-downloads

MIPS:
Homepage: http://opensource.dyc.edu/tor-mips-ramdisk
Download: http://opensource.dyc.edu/tor-mips-ramdisk-downloads

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

Re: Tor router
On 11/11/2010 02:20 PM, James Brown wrote:
> I have an Asus WL-500gPv2 under dd-wrt and I want to start tor on it. I install tor, privoxy etc. and start it. After it I have the next notification:
>
> Nov 11 22:14:06.954 [warn] You are running Tor as root. You don't need to, and you probably shouldn't
>
> But I have only root user under dd-wrt. It is possible to add in the system another users using adduser utility from optware but it disappears after rebooting router.
>
> What is the better - use the tor under root user or make any script adding user and group for tor after each rebooting my router?

If you run tor as root, you run the risk that if there is something exploitable in tor, your router can be compromised.

I'm curious why you don't run out of ram? I tried this long ago on a Linksys wrt54g with a whopping 16M, and tor worked but lasted about 10 mins before OOM-ing. Understandable since the router does much of its runtime filesystem in RAM.

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

tor-ramdisk on git
Hi everyone,

I've had lots of requests to add ssh support to tor-ramdisk [1] because ftp is insecure. I originally used dropbear, but after discussion with Jacob, I switched to openssh.

I'm not providing images yet, but I've got the build scripts up on a git repo [2]. They're meant to be run on an x86 uclibc system, but might build on glibc and/or x86_64. When I produce the images for distribution, they are built with hardened gentoo, both toolchain and kernel [3]. This gives userland pie, ssp, _FORTIFY_SOURCE=2 and the kernel GRSEC/PaX.

Feel free to grab the stuff and contribute. I'll throw a GPL-2 in there.

Refs.
[1] http://opensource.dyc.edu/tor-ramdisk
[2] git://opensource.dyc.edu/tor-ramdisk
[3] http://www.gentoo.org/proj/en/hardened/

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

Re: tor-ramdisk 20101011 released for i686 only
On 10/11/2010 11:25 PM, Anders Andersson wrote:
> On Mon, Oct 11, 2010 at 11:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
>> On 10/11/2010 10:52 AM, Anthony G. Basile wrote:
>>> Hi everyone
>>>
>>> I want to announce to the list that a new release of tor-ramdisk is out.
>>>
>>> Tor-ramdisk is an i686, x86_64 or MIPS uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Security is enhanced by hardening the kernel and binaries, and privacy is enhanced by forcing logging to be off at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key, which may be exported/imported by FTP.
>>
>> Via FTP? It's probably not a good idea to export a private key without using encryption...
>>
>> All the best,
>> Jake
>
> My first thought as well. Pretty much every protocol invented is better than FTP, in this case and most other cases.
>
> Another question regarding the logging: I hope you include enough to know if the node is working correctly or not. The logs that are generated could also be deleted after a couple of minutes or an hour as well, which might make it possible to log some more information if necessary to verify functionality.
>
> Great project though, a lot of people request this.

Originally I thought of tor-ramdisk as only being accessed via FTP on a trusted LAN. However, several people have suggested using the image in the cloud. I have plans on adding sftp.

Also, you can enable logging to console for diagnostics.

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

tor-ramdisk 20101011 released for i686 only
Hi everyone

I want to announce to the list that a new release of tor-ramdisk is out.

Tor-ramdisk is an i686, x86_64 or MIPS uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Security is enhanced by hardening the kernel and binaries, and privacy is enhanced by forcing logging to be off at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key, which may be exported/imported by FTP.

Changelog:

This is an early release to address a bug in the dhcp client for the i686 port only. We did not update tor which remains stable at 0.2.1.26, but we did update busybox to 1.17.2 and the kernel to 2.6.32.23 + Gentoo's hardened-patches-2.6.32-22.extras.

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

Tor-ramdisk 20100618 released
Hi everyone

I want to announce to the list that a new release of tor-ramdisk is out.

Tor-ramdisk is an i686, x86_64 or MIPS uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Security is enhanced by hardening the kernel and binaries, and privacy is enhanced by forcing logging to be off at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key, which may be exported/imported by FTP.

Changelog:

Tor was upgraded to 0.2.26, busybox to 1.16.1 and the kernel to 2.6.32.15 plus Gentoo's hardened-patches-2.6.32-12 for the i686 and x86_64 ports.

i686:
Homepage: http://opensource.dyc.edu/tor-ramdisk
Download: http://opensource.dyc.edu/tor-ramdisk-downloads

x86_64:
Homepage: http://opensource.dyc.edu/tor-x86_64-ramdisk
Download: http://opensource.dyc.edu/tor-x86_64-ramdisk-downloads

MIPS:
Homepage: http://opensource.dyc.edu/tor-mips-ramdisk
Download: http://opensource.dyc.edu/tor-mips-ramdisk-downloads

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197