[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
On 2015-04-14 10:23 pm, Mirimir wrote:
On 04/14/2015 03:50 PM, Yuri wrote:
On 04/14/2015 14:41, WhonixQubes wrote:
I believe it is probably generally harder to break out of a virtual
machine than root a Linux distro, like Tails, because hypervisors
a more limited attack surface compared to a full monolithic OS.
If you use Qubes, then it is infinitely harder to root the host
Can you describe the scenario how can somebody potentially break out
the virtual machine and root the host system, if VM is wired to
only through tor?
An adversary could install software in the Whonix workstation VM that
establishes an SSH connection to their machine. The SSH connection
prevent the Tor process in the Whonix gateway VM from closing the
circuit. The adversary could then run exploits in the workstation VM
designed to gain host access.
If successful, it would be trivial to subvert the Whonix gateway VM.
That doesn't require root privileges. But they could also root the
and install software in host that establishes an SSH connection to
machine. Access then wouldn't depend on Whonix.
And just to give a bit of context for degree of ease for such an
IMO, generally speaking:
- Easier: Tails with no VM isolation for Tor
-- Harder: Whonix with VirtualBox, KVM, etc isolation for Tor
--- Hardest: Whonix with Qubes isolation for Tor
Also, Whonix's CPFP (Control Port Filter Proxy) is of note, since it is
what filters Tor commands between the Whonix-Workstation and
Whonix-Gateway and intends to only allow *safe* Tor commands -- and not
the unsafe ones that can expose deanonymizing host machine info.
More info: https://www.whonix.org/wiki/Dev/Control_Port_Filter_Proxy
The CPFP can be deactivated and have Tor commands totally cut off for
achieving even further security isolation of Tor with Whonix.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to