On Sunday, January 30, 2022, 2:26:08 AM PST, Roman Mamedov <r...@romanrm.net> wrote: On Fri, 28 Jan 2022 19:58:49 -0700 David Fifield <da...@bamsoftware.com> wrote:
>> But a slight variation does work: make secret_onion_key.old and >> secret_onion_key_ntor.old *directories*, so that tor_rename cannot rename a >> file over them. It does result in an hourly `BUG` stack trace, but otherwise >> it seems effective. >> I did a test with two tor instances. The rot1 instance had the directory >> hack to prevent onion key rotation. The rot2 had nothing to prevent onion >> key rotation. > I did not follow the thread closely, but if you want a file or directory contents unchangeable, and not allowed to rename/delete even by root, there's the "immutable" attribute (chattr +i). I like the immutable attribute approach. It can be applied to the original secret_onion_key and secret_onion_key_ntor files. Appreciate the input. Respectfully, Gary— This Message Originated by the Sun. iBigBlue 63W Solar Array (~12 Hour Charge) + 2 x Charmast 26800mAh Power Banks = iPhone XS Max 512GB (~2 Weeks Charged)
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays