Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Feb 2018 00:43:03 -0500
From:      grarpamp <grarpamp@gmail.com>
To:        freebsd-security@freebsd.org
Subject:   Fwd: [tor-relays] FreeBSD 11.1 ZFS Tor Image
Message-ID:  <CAD2Ti2_0JFA9h%2BofxkhQsBWd8m9kipKmMNWko4J9ntnS=d-oRA@mail.gmail.com>
In-Reply-To: <20180225221733.o6jrgeo2d5mfdegg@mutt-hbsd>
References:  <1778362.rEQJjLh0zu@beastie> <735f5c0a-f6a3-adb4-c615-7e0ce8fb6dea@queair.net> <20180225215044.vzuablpgcweaxwlh@mutt-hbsd> <2537598.fuWUYQZvu7@beastie> <20180225221733.o6jrgeo2d5mfdegg@mutt-hbsd>

next in thread | previous in thread | raw e-mail | index | archive | help
--001a11424b1c37740a056616feb3
Content-Type: text/plain; charset="UTF-8"

---------- Forwarded message ----------
From: Shawn Webb <shawn.webb@hardenedbsd.org>
Date: Sun, Feb 25, 2018 at 5:17 PM
Subject: Re: [tor-relays] FreeBSD 11.1 ZFS Tor Image
To: tor-relays@lists.torproject.org


On Sun, Feb 25, 2018 at 04:03:49PM -0600, Conrad Rockenhaus wrote:
> Wow, I didn't expect my friendly gesture to start another debate, but the
> reasoning behind offering this image was mainly for people who were operating
> on OpenStack clouds who wanted to upload the image to their infrastructure
> using glance and start things up quickly. I'm more than willing to provide the
> ansible scripts I use to initially spin things up, once I clean things up
> since there's still some manual things that can be automated.
>
> I'll just consider this idea dead in the water. That being said:
>
> On Sunday, February 25, 2018 3:50:44 PM CST Shawn Webb wrote:
> > On Sun, Feb 25, 2018 at 09:05:00PM +0000, George wrote:
> > > Conrad Rockenhaus:
> > > > Hello All,
> > > >
> > > > If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image
> > > > that is fully configured and ready to run Tor. Right now it's an eight
> > > > GB image, but I'm reducing the size by removing all of the extra stuff
> > > > on it from the upgrade from FreeBSD 11 to 11.1.
> > >
> > > I think it's great to ease the implementation of Tor relays,
> > > particularly on BSDs.
> > >
> > > However, I'd be wary of an image that I didn't build myself, personally.
> >
> > I agree with that sentiment. I would rather Tor relay operators set up
> > their systems themselves so that they know how that system is
> > configured.
> >
> > I would also suggest users run operating systems that specialize in
> > security, like OpenBSD or HardenedBSD. Running Tor on FreeBSD opens
> > the door to mass exploitation via copy and paste style exploits. I
> > would caution against such setups. Tor has a very unique threat
> > landscape and the security of the relay should be of upmost
> > importance.
>
> I'll be honest, I have never heard of a copy and paste style exploit. What is
> it? Could you provide me a link with info about it, because I run several
> FreeBSD instances and if I have a ticking timebomb on my hands, I need to fix
> it.

With FreeBSD's complete lack of exploit mitigations, all tor instances
running on like FreeBSD systems can be exploited the same way. The
memory layout is predictable, memory mappings can be writable and
executable, etc.

The virtual memory layout of tor on your FreeBSD 11.1-RELEASE-p6
instance is going to be the exact same as John Smith's instance. This
means that attackers can write their exploits with 100% reliability,
even with virtual memory addresses hardcoded.

There's no need for ROP, JOP, SROP, etc. on FreeBSD. FreeBSD is
literally stuck in 1999-era security. Writing exploits for such
systems is extremely easy for today's offensive security researchers.

FreeBSD really needs ASLR and W^X, at a minimum, for me to put even
the slightest trust in for applications that are security-sensitive
(like tor). Until then, I'd encourage Tor relay operators to make use
of operating systems that put a focus on security, like OpenBSD or
HardenedBSD.

Just yesterday, I was notified of yet another FreeBSD box getting
popped by an offensive security researcher.

Thanks,

--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:    +1 443-546-8752
GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

--001a11424b1c37740a056616feb3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Disposition: attachment; filename="signature.asc"
Content-Transfer-Encoding: base64
X-Attachment-Id: aaaf23f05c48c2d0_0.0.1

LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0NCg0KaVFJekJBRUJDQUFkRmlFRUtycTJ2ZTlx
OUlhK2lUMmVhb1JsajFKRmJ1NEZBbHFUTmZjQUNna1Fhb1JsajFKRg0KYnU1bFpBLy9XeUcrL3c5
TCtHdVplbUs2L1FvQ3g5ajV4Tk1EN0VOV1RZcTZtQ0l5dkJ6Zm9QKzEzei84UUdXYg0KRDd4S08y
aG5oSDdaMnExazNZRmJzd1VPVUJ5U1QvS1VLUTFMM0pxVTQ0UWFHSis4TmRWdjk1NTAzbzdpbS9T
Qw0KOWZCTmMwNXJwSEgxWk5pbE1YSTY3TjEwOWhmMUdPei8vZURUTklzV0F0UEU5QzM3NHl4R2dQ
eVdQa0o0bHIzcA0KTWR4RVhXalpHbW1kWGhRQ0lpLyswdWZsZWYwN2VDVTFqQ0xKRDNwMS9wZmlL
YXRRbjRvNFJ5TVNJa0pFQ1Rncw0KU1Ntb1dSWDcrRGY5VnowbWZVVENRRmJjRnlqQ0lXSytIQUZO
ZE5HNVd6NlY5YmtYb1hRaGk2eEo1YWtJRXJTRg0KMXJSb1RxbFVkcjZtV2hWSlZUMTZaZ0FaRmlW
UFR2dTI3S0ZRWUxYQzMwazV5cmRiYm9mN0dzdWRHdGJwcHhISw0KNWFyYnhjSTQvYTJVTE50ajk5
SUZSU0gyd1dmRHhPczBmamtrVUhRcXBjYjl6d0srSDdzNWdQNUFzNkF4cjZiWQ0KMnFwSlE2Nm9X
M3VZdXpHQnNFNjRsU0l0MU5sdVhGS0FyZW10RDdzUDR4WnllU3l6b25saEVSSFpLVlhqaUV4bg0K
UDlhdFY2VllvSFZ2NkFSVjVVekY5TndCRWwrUmdTSWlkZ0U3cTcyTklaazdZcTBWUHFIT0JvM2c2
UDRGSSt1Lw0KNHkvZDZhbnJaNFJjdXl0VzVKZUtaWmJVbWVXNGhOOGhwMjFhUnhwL0ZLL3Q0cjB5
b1ZNa3RyN1ZoYlAzeGE4Wg0KNGUvWkd4MTNkVHZOcU1HNUk0Tng3a3FCSFBWbDVSZDA0SG5SV01Z
clJxdUNreUdmMmY0PQ0KPWwzbWENCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQ0K
--001a11424b1c37740a056616feb3--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAD2Ti2_0JFA9h%2BofxkhQsBWd8m9kipKmMNWko4J9ntnS=d-oRA>