[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Is there a way to use internet in a sandbox environment? (Linux)



Hi Jim,

Can you elaborate or give example on how to run a live CD/DVD for internet access.

One has to install an OS on the CD/DVD and there needs to be some means for CD/DVD to access a network-specific firmware etc for using the internet, am I right?





---- On Sat, 30 Mar 2019 00:13:43 -0700 Jim <jimmymac@xxxxxxxxxx> wrote ----



Ben Tasker wrote:

> 

> But don't, please, follow the suggestion of using root for routine

> non-internet tasks. You should use privileged accounts only when you

> actually require that level of privilege. Also keep in mind that while

> malware running as an unpriviliged user cannot (generally) hose the system,

> it can still steal/corrupt whatever data that user has access to. Unless

> this is a shared system, you probably care more about that data than the OS

> files themselves.



Ben is right about not using root for routine tasks.  But you can

still follow your original idea by creating one or more

*nonprivileged* accounts for non-internet tasks.  Even w/o using

VMs you can block these accounts from *initiating* connections to

the Internet with iptables rules.  If you set up permissions

correctly, then so long as malware does not achieve root level

privilege the information in these non-internet accounts should

remain safe.  So you have a range of options from no VMs to fully

isolated VMs on separate machines to running a live CD/DVD for

internet access.



HTH



Jim





-- 

tor-talk mailing list - mailto:tor-talk@xxxxxxxxxxxxxxxxxxxx

To unsubscribe or change other settings go to

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk