Hi, I have read on this mailing list several times about how some previous versions of Tor contain vulnerabilities that can threaten the host machine itself. I am reminded of this again with Pei Hanru's excellent work tracking down the "tbreg mystery." (I too say "thank you".) While I understand that all software has bugs, some of which can be exploited for malicious purposes, I've long wondered how such vulnerabilities in Tor threaten the host itself if Tor is being run (as recommended) as an unprivileged user.
Can somebody explain, or point me to an explanation? Thanks.
