From: Hubert Hauser
To: freebsd-hackers@freebsd.org
Date: Tue, 11 Dec 2018 19:58:31 +0100
Subject: Re: Running Tor service in the jail environment

Hello!

> You should not be running ntpd inside a jail, it won't have the
> privileges to set the kernel clock anyway, only the ntpd running in a
> non-jailed environment can do that.

How can I prevent ntpd and lpd from running in the jail environment?

> I wouldn't use a jail for that. Take a look at this article I wrote
> about how to use Tor in the manner you're looking for:
>
> https://github.com/lattera/articles/blob/master/infosec/tor/2017-01-14_torified_home/article.md

It sounds like a good idea, but wouldn't a better solution be to use an
open-hardware device acting as a Tor router with OpenBSD or HardenedBSD
installed? Why wouldn't you use a jail environment for it? I want to
place Tor in the jail environment because I want to prevent the system
from being compromised in case the Tor service is compromised.

Thank you in advance,
Hubert.