
Running Tor in a NetBSD rump unikernel - nbyouri
https://github.com/supradix/rumprun-packages/tree/33d9cc3a65a39e32b4bc8034c151a5d7e0b89f66/tor
======
supradix
Hi. I created this package. It allows one to run an extremely secure tor relay
on almost anything. The package is very easy to use and seems to work pretty
well. I've been running the first of its kind "in the wild" as an exit relay
for a week or so here...

[https://atlas.torproject.org/#details/FD76CE423F64853C402EAC...](https://atlas.torproject.org/#details/FD76CE423F64853C402EACD152AF4908CCE63A36)

And it was officially merged upstream today here...

[https://github.com/rumpkernel/rumprun-
packages/commit/0171d4...](https://github.com/rumpkernel/rumprun-
packages/commit/0171d44a096ff76bbd90b7e8505cf58d2fa9f66f)

Running tor in a rump unikernel provides a single application, single address
space image, with bare minimum necessary support drivers, that can be run
portably on pretty much any hypervisor (or even on bare metal).

If security is a concern, you would be pretty hard pressed to run a more
secure tor relay. This doesn't even have a /bin/sh, for example. There's
precious little available to be exploited here, even should a tor exploit be
found possible. Odds are, even a major tor vulnerability wouldn't do an
interloper very much good in this case.

For background infomation, see...

Tor

[https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29](https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29)

[https://www.torproject.org/](https://www.torproject.org/)

Rump Kernel

[https://en.wikipedia.org/wiki/Rump_kernel](https://en.wikipedia.org/wiki/Rump_kernel)

[http://rumpkernel.org/](http://rumpkernel.org/)

Enjoy. :)

