
Re: [tor-talk] Is there a way to use internet in a sandbox environment? (Linux)



On 04/03/2019 08:03 AM, Ben Tasker wrote:
> On Wed, Apr 3, 2019 at 3:17 PM npdflr <npdflr@xxxxxxxx> wrote:
> 
>> Thanks a lot Jim for the information.
>>
>> If I am running a live system on a DVD for internet access and booting
>> from that DVD then the DVD should be able to write some data on itself
>> (Example: if I am using a browser then the browser needs to write some data
>> on the DVD to function). So, I would need a DVD-RW (DVD rewritable) not
>> DVD-R (one-time recordable disc)
>>
> 
> No, one time recordable is fine (preferable, even).

Yes. That's the point. Although it's possible to write to "one time
recordable" DVDs, that requires custom software and a cooperative DVD drive.

> When the system boots from the disk, it loads the OS into memory, so things
> like your browser cache files are written into memory (and so lost when the
> DIMMs lose charge).  If you want persistence then most live CDs will allow
> you to provide a writeable media (normally a USB drive) for that purpose,
> but then you get back into the risks associated with having writeable media
> available.

True. And there are some limitations. As far as I know, all live
read-only systems allocate half of the physical RAM to the system, and
half to working memory. So if your machine has 4GB RAM, you can load at
most a 2GB system image.

But DVDs can hold ~4.7GB. So if your machine has 8GB RAM, you can load
4GB from the DVD. Years ago, I built a live ISO with Debian, VirtualBox,
a pfSense VPN gateway VM, and stripped-down Whonix gateway and
workstation VMs. The workstation VM had just a simple openbox GUI. It
took several minutes to boot, but was very responsive afterward.

>> Running a live system on a USB would still have some risk as the USB could
>> read/write data to the attached Hard Disk of the PC or Laptop.
>>
>> A DVD-RW can't read/write to the attached Hard Disk on its own, am I right?
>>
> It can just as easily as the same ISO running off the USB could. If you
> need that level of security, then you're going to want to remove the
> harddrive from the system.

Or just unplug the data and power cables.

> Alternatively make sure whatever system you've got installed on the
> harddrive is using software Full Disk Encryption. At which point the ISO
> cannot read any data from it, and write attempts will (at most) corrupt
> your filesystem.
>
>> ---- On Tue, 02 Apr 2019 23:12:00 -0700 Jim <jimmymac@xxxxxxxxxx> wrote ----
>>
>> npdflr wrote:
>>
>>> Can you elaborate or give example on how to run a live CD/DVD for
>>> internet access.
>>
>> It has been a while since I have done this so I am a bit out of date,
>> but presumably the procedure hasn't changed.  You need to find and
>> download an .iso image from the internet or obtain it from another
>> source.  Hopefully the creators of the image provide a way to verify
>> that the image you get is correct and unaltered (PGP signature, a signed
>> list of secure hashes, etc).  You should verify your image.  Then you
>> need to burn the image to a CD or DVD (as appropriate) *as an image*.
>> You can find instructions on the Internet about how to do this.  Do
>> *not* just write it to the optical disk as a file.  Put the disk in
>> your computer and boot to it.  You will then be running from the optical
>> disk and there should be no hard drive access unless you specifically
>> request it.
>>
>> There are multiple live systems to choose from.  Probably all will give
>> you Internet access but some/many may not include Tor.  TAILs does
>> include Tor and is specifically set up to direct all Internet traffic
>> through Tor.  There may be others.  You should be able to find any
>> additional information you need through searching the Internet.
>>
>> My impression is these days it is more common to run live systems from
>> thumb drives than optical disks.  But I specifically mentioned CD/DVDs
>> because they are read-only media and therefore can't get infected
>> (assuming your original image is clean).
>>
>>> One has to install an OS on the CD/DVD and there needs to be some means
>>> for CD/DVD to access a network-specific firmware etc for using the
>>> internet, am I right?
>>
>> Live systems auto-detect hardware and will usually "just work" with the
>> hardware you have.  If it doesn't you need to either find a different
>> live system or different hardware.  But if your hardware works with
>> standard Linux I wouldn't expect a problem.
>>
>> HTH
>>
>> Jim
>>
>> --
>> tor-talk mailing list - mailto:tor-talk@xxxxxxxxxxxxxxxxxxxx
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
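
The image verification step mentioned in the quoted advice above (a PGP-signed list of secure hashes), as an added example that is not part of the original thread. It assumes the publisher ships a hash list in `sha256sum` format plus an optional detached signature, and that the publisher's key is already in your GnuPG keyring; the function name and file names are hypothetical.

```shell
#!/bin/sh
# Added example: check a downloaded live ISO against the publisher's hash list
# before burning it. Not from the original thread; names are hypothetical.
#
# verify_iso ISO SUMS [SIG]
#   ISO   image file to check
#   SUMS  hash list in sha256sum format: "<64 hex>  <filename>"
#   SIG   optional detached PGP signature over SUMS (the publisher's key
#         must already be in your keyring, obtained out-of-band)
# Returns 0 on match, 1 on hash mismatch, 2 on missing input,
# 3 on bad signature, 4 if the image is not listed at all.
verify_iso() {
    iso=$1 sums=$2 sig=${3:-}
    [ -r "$iso" ] && [ -r "$sums" ] || { echo "missing input" >&2; return 2; }

    # 1. Authenticate the list itself before trusting any hash in it.
    if [ -n "$sig" ]; then
        gpg --verify "$sig" "$sums" ||
            { echo "bad signature on $sums" >&2; return 3; }
    fi

    # 2. Look up the entry for this exact file name. A missing entry is a
    #    failure, not a pass. ("*name" is sha256sum's binary-mode marker;
    #    file names containing spaces are not handled here.)
    name=$(basename "$iso")
    want=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1); exit }' \
        "$sums")
    [ -n "$want" ] || { echo "$name not listed in $sums" >&2; return 4; }

    # 3. Hash the image we actually downloaded and compare.
    have=$(sha256sum "$iso" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then
        echo "OK: $name matches $sums"
    else
        echo "MISMATCH: $name" >&2
        return 1
    fi
}

# Stand-alone use: sh verify_iso.sh live.iso SHA256SUMS [SHA256SUMS.sig]
if [ "$#" -ge 2 ]; then
    verify_iso "$@"
fi
```

Without the signature check, a matching hash only shows the download was not corrupted; it says nothing about who produced the list.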