From: Ian Lepore
To: Hubert Hauser, freebsd-hackers@freebsd.org
Subject: Re: Running Tor service in the jail environment
Date: Tue, 11 Dec 2018 12:12:48 -0700

On Tue, 2018-12-11 at 19:58 +0100, Hubert Hauser wrote:
> Hello!
>
> > You should not be running ntpd inside a jail, it won't have the
> > privileges to set the kernel clock anyway, only the ntpd running in
> > a non-jailed environment can do that.
>
> How can I prevent running ntpd and lpd in the jail environment?

Set the appropriate variables (ntpd_enable=NO, etc) in the
/etc/rc.conf for the jail.

-- Ian

> > I wouldn't use a jail for that. Take a look at this article I wrote
> > about how to use Tor in the manner you're looking for:
> >
> > https://github.com/lattera/articles/blob/master/infosec/tor/2017-01-14_torified_home/article.md
>
> It sounds like a good idea, but wouldn't a better solution be to use
> an open-hardware device acting as a Tor router with OpenBSD or
> HardenedBSD installed? Why wouldn't you use a jail environment for
> it? I want to place Tor in the jail environment because I want to
> prevent the system being compromised in case the Tor service is
> compromised.
>
> Thank you in advance,
> Hubert.
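
An added example, not part of the original message: a small audit that lists which services a jail's rc.conf still enables, so you can confirm that only the intended daemon (here Tor) starts in the jail. It assumes simple `name_enable=value` lines; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# rc.conf is sourced as shell, so the LAST assignment to a variable wins,
# and rc.subr's checkyesno treats YES/TRUE/ON/1 (any case) as enabled.

enabled_services() {
    # $1: path to an rc.conf file, e.g. <jail root>/etc/rc.conf
    awk -v q="'" '
        /^[ \t]*#/ { next }                       # skip comment lines
        match($0, /^[ \t]*[A-Za-z0-9_]+_enable=/) {
            name = substr($0, RSTART, RLENGTH - 1)
            sub(/^[ \t]+/, "", name)
            val = substr($0, RSTART + RLENGTH)
            sub(/[ \t]*#.*$/, "", val)            # drop trailing comment
            gsub("[\"" q "]", "", val)            # drop quotes
            sub(/[ \t]+$/, "", val)
            if (!(name in value)) order[++n] = name
            value[name] = toupper(val)            # later lines override
        }
        END {
            for (i = 1; i <= n; i++) {
                v = value[order[i]]
                if (v == "YES" || v == "TRUE" || v == "ON" || v == "1") {
                    svc = order[i]
                    sub(/_enable$/, "", svc)
                    print svc
                }
            }
        }
    ' "$1"
}

# Constructed sample of a jail rc.conf (not taken from the thread).
sample_rc_conf() {
    cat <<'EOF'
sshd_enable="YES"
ntpd_enable="YES"
lpd_enable="yes"     # lower case still counts as enabled
tor_enable="YES"
ntpd_enable="NO"     # later assignment overrides the one above
#sendmail_enable="YES"
EOF
}

# Demo: write the sample to a temp file and list what is still enabled.
tmp=$(mktemp) && sample_rc_conf > "$tmp" && enabled_services "$tmp"
rm -f "$tmp"
```

Anything printed other than the service the jail exists for is a candidate for a `*_enable=NO` line in that jail's /etc/rc.conf.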