On 14-06-17 01:51 PM, grarpamp wrote: > On Tue, Jun 17, 2014 at 10:38 AM, Jonathan D. Proulx <j...@csail.mit.edu> > wrote: >> I'm not sure if this was meant as a technical or aesthetic preference, >> but I am curious. Is there any technical benefit to rounning a more >> diverse set of opensource oprating systems for tor nodes? I discount >> closed source as we don't know what's going on in there. >> >> Would that present significantly different attack surfaces? I can >> imagine a vulnerability in the TCP stack or other kernel functionality >> in Linux would not be the saem in FreeBSD or vice versa... >> >> My nodes are currently Ubuntu but if there's a reason to do so I >> coould possibly switch OS to FreeBSD (or hurd does tor run on hurd :)) > > These surface differences result in real world immunities. If all you're > running > is one thing, and that one thing gets cracked, it's over. This happens all the > time. And it's not just the kernel, it's also the differences in libraries, > etc. > So yes, for that purpose regarding the Tor network, don't pick Linux > or Windows. If you want to play and learn something new and not closed > source, pick one of the BSD's... Free, open, dfly, net. FreeBSD is the > obvious general choice, the others will subject you to more specific > challenges. > > 4796 Linux > 1650 Windows > 294 FreeBSD > 75 Darwin > 35 OpenBSD > 9 NetBSD > 4 Bitrig > 2 SunOS > 2 GNU/kFreeBSD > 2 DragonFly
Within the (GNU/)"Linux" category there are significant differences among the distros. One obvious example is they dont all ship with the same OpenSSL version. Something as simple as enabling and configuring the firewall (or adding a firewall layer like a router) can set your relay apart from most of the default installs out there. Compiling Tor or the kernel or libevent, for example, with different versions of the compiler or custom options can give different behaviour to attacks. My point being, if you dont know an operating system well, it may not be safer to put a relay on it. Perhaps better to maintain an O/S you know well, study its security properties, and use customizations to give it a different attack surface. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays