On Sun, Feb 25, 2018 at 04:03:49PM -0600, Conrad Rockenhaus wrote:
Wow, I didn't expect my friendly gesture to start another debate, but the reasoning behind offering this image was mainly for people who were operating on OpenStack clouds who wanted to upload the image to their infrastructure using glance and start things up quickly. I'm more than willing to provide the ansible scripts I use to initially spin things up, once I clean things up since there's still some manual things that can be automated.
I'll just consider this idea dead in the water. That being said:
On Sunday, February 25, 2018 3:50:44 PM CST Shawn Webb wrote:
On Sun, Feb 25, 2018 at 09:05:00PM +0000, George wrote:
Conrad Rockenhaus:
Hello All,
If anyone is interested, I have a RAW image of a FreeBSD 11.1 ZFS image that is fully configured and ready to run Tor. Right now it's an eight GB image, but I'm reducing the size by removing all of the extra stuff on it from the upgrade from FreeBSD 11 to 11.1.
I think it's great to ease the implementation of Tor relays, particularly on BSDs.
However, I'd be wary of an image that I didn't build myself, personally.
I agree with that sentiment. I would rather Tor relay operators set up their systems themselves so that they know how that system is configured.
I would also suggest users run operating systems that specialize in security, like OpenBSD or HardenedBSD. Running Tor on FreeBSD opens the door to mass exploitation via copy and paste style exploits. I would caution against such setups. Tor has a very unique threat landscape and the security of the relay should be of utmost importance.
I'll be honest, I have never heard of a copy and paste style exploit. What is it? Could you provide me a link with info about it, because I run several FreeBSD instances and if I have a ticking timebomb on my hands, I need to fix it.
With FreeBSD's complete lack of exploit mitigations, all tor instances running on like FreeBSD systems can be exploited the same way. The memory layout is predictable, memory mappings can be writable and executable, etc.
The virtual memory layout of tor on your FreeBSD 11.1-RELEASE-p6 instance is going to be the exact same as John Smith's instance. This means that attackers can write their exploits with 100% reliability, even with virtual memory addresses hardcoded.
There's no need for ROP, JOP, SROP, etc. on FreeBSD. FreeBSD is literally stuck in 1999-era security. Writing exploits for such systems is extremely easy for today's offensive security researchers.
FreeBSD really needs ASLR and W^X, at a minimum, for me to put even the slightest trust in for applications that are security-sensitive (like tor). Until then, I'd encourage Tor relay operators to make use of operating systems that put a focus on security, like OpenBSD or HardenedBSD.
Just yesterday, I was notified of yet another FreeBSD box getting popped by an offensive security researcher.
Thanks,
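Added example, not part of the thread or any participant's code: a small POSIX C check an operator can run on their own relay host to see whether the memory layout discussed above is identical from one run to the next. The function names and the `--sample` flag are this example's own.

```c
#define _DEFAULT_SOURCE /* glibc: keep MAP_ANON and popen visible under strict -std */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#define NREG 4
typedef unsigned long long ull;
static const char *REGION[NREG] = {"text", "stack", "heap", "mmap"};
/* One address per region. Text only moves if the binary is built as PIE. */
void layout_sample(ull out[NREG]) {
    int local = 0;
    void *h = malloc(64);
    void *m = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANON, -1, 0);
    out[0] = (uintptr_t)layout_sample;
    out[1] = (uintptr_t)&local;
    out[2] = (uintptr_t)h;
    out[3] = (m == MAP_FAILED) ? 0 : (uintptr_t)m;
    free(h);
    if (m != MAP_FAILED) munmap(m, 4096);
}
/* Number of regions whose address was identical in two separate runs. */
int count_fixed(const ull a[NREG], const ull b[NREG]) {
    int n = 0;
    for (int i = 0; i < NREG; i++) n += (a[i] == b[i]);
    return n;
}
/* Layout of a freshly exec'd copy of this program (a fork alone keeps the layout). */
static int child_layout(const char *self, ull out[NREG]) {
    char cmd[512];
    int got = 0;
    snprintf(cmd, sizeof cmd, "'%s' --sample", self);
    FILE *f = popen(cmd, "r");
    if (!f) return -1;
    while (got < NREG && fscanf(f, "%llx", &out[got]) == 1) got++;
    pclose(f);
    return got == NREG ? 0 : -1;
}
int main(int argc, char **argv) {
    ull a[NREG], b[NREG];
    if (argc > 1 && strcmp(argv[1], "--sample") == 0) {
        layout_sample(a);
        printf("%llx %llx %llx %llx\n", a[0], a[1], a[2], a[3]);
        return 0;
    }
    if (child_layout(argv[0], a) || child_layout(argv[0], b)) return 1;
    for (int i = 0; i < NREG; i++)
        printf("%-5s %#llx %#llx %s\n", REGION[i], a[i], b[i], a[i] == b[i] ? "FIXED" : "moved");
    return count_fixed(a, b) == NREG ? 2 : 0; /* exit 2: nothing moved between runs */
}
```

Invoke it with a path (for example `./aslrcheck`, a hypothetical binary name) so the re-exec through `popen` finds the program.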