Thus spake Tom Ritter (tom@xxxxxxxxx):

> On 1 May 2013 15:29, David Vorick <david.vorick@xxxxxxxxx> wrote:
> > I don't know what I'm talking about, but here goes:
> >
> > If you were to put flash in a "sandbox" that had a fake IP address, might
> > that make the sandbox incompatible with the tor network? When you are
> > communicating, even over the tor network, your IP address is critical so
> > that servers on the other end know where to send messages. That means that
> > at the very least you have to know your own IP address. If the flash
> > sandbox had a false address, the network might reject communication
> > altogether, or it might simply be unable to return the messages to the
> > right spot.
> >
> > Am I incorrect?
>
> Well, when anyone from outside the Tor project talks about sandboxing
> flash, they're talking about restricting the system calls it can make,
> restricting it from touching files on disk, spawning processes - real
> sandbox stuff. That's what Mozilla is after with Shumway. That's
> what Chrome is/was after with their sandbox.
>
> Tor is afraid of Flash for three reasons as I see it: it's buggy (see
> my previous sentence), it can read your IP address, and (I believe) it
> can or can be made to make requests that circumvent a configured proxy
> that would leak your external IP to whatever you connect to (assumed
> to be an attacker). And when I say proxy, you can read "Tor".

There's a fourth reason: Flash can enumerate a separate and more detailed set of facts about your computer than Javascript can, and we have many indications that this set of facts is much larger (and thus is more identifying).

The major one that the EFF found was that not only does flash export a full list of fonts installed on your computer, it also provides this list in a machine-dependent order. There are probably quite a few other surprises like that, too.

Depending on the nature of the sandbox/VM, it may or may not be possible to address those fingerprinting issues...

This shouldn't discourage anyone from working on a minimalistic flash sandbox though. Any solution would be better than none, especially since we already allow people to go into the TBB settings and mash the thing on if they really want.. I believe we even have an upstream deliverable for a flash sandbox.. Not my area of personal expertise or interest, though.

I'm with Steve Jobs on this one: kill that fucker until it is dead.

--
Mike Perry
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk