On Thu, Aug 20, 2009 at 9:05 AM, Curious Kid <letsshareinformation@xxxxxxxxx>
> Please excuse my extreme ignorance.
> Could this attacker create a Tor circuit specifying a malicious node as the entry node?
> Even if an attacker were to be able to gain
> command-line access through a vulnerability in a program such as
> Firefox, they still wouldn't be able to obtain the user's IP address,
> look at their file system, or gain access to any other
> personally-identifiable information.
If done correctly, no. To start, don't run the browser as root; make a less privileged user and run it as that user. This would prevent them from being able to modify iptables rules and read files created by other programs (such as Vidalia's temp storage of the ControlPort password), which are needed. Iptables rules can include/exclude certain users from accessing certain ports. So don't let anyone other than the 'vidalia' user (again, fewer permissions required; root is not needed), which could run Vidalia, connect to Tor's ControlPort. Protecting the control port from users/programs who should not have access is very, very important. Much worse things than just setting the entry node could be done if an attacker got full access to the control port, but we won't go there.
A browser should not have access to Tor's ControlPort, but Vidalia probably should. Most applications that use Tor do not need to control Tor, and separating the two is a very important security requirement with a project such as this.
> How is entropy gathered in virtual machines? Will it tell you if there is not enough entropy to support unpredictable routing and encryption? (Or is that even an issue at all with Tor?)
This application has nothing to do with entropy; its purpose is to secure/separate/isolate the browser (or whatever app) from the rest of your host OS by placing it inside a very small VM. So in the event you do get owned (through your application/plugin that is using Tor), it's running under a user account that has limited permissions in an isolated environment, thereby reducing the level of damage that can be caused. Since most of this VM, if not all of it, will be running from an ISO image (read-only), the amount of damage that can be caused is very, very minimal, if any at all.
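The per-user ControlPort lockdown described in the reply above, written out as a worked example. This is added here and is not code from the thread or from the project being discussed. It assumes Tor's default localhost ports (SocksPort 9050, ControlPort 9051), an iptables build with the `owner` match, and two made-up account names, 'vidalia' (from the reply) and 'browser'. By default it only prints the commands it would run; setting APPLY=1 as root pipes them into a shell.

```shell
#!/bin/sh
# Added example (not from the original thread): give the browser and Vidalia
# separate unprivileged accounts, then use iptables' owner match so that only
# the vidalia user can open Tor's ControlPort and only the browser user can
# open the SocksPort. Root is not exempt from the owner match, so a process
# that is not running as the expected user is rejected even if it is root.
#
# Assumptions (not stated in the post): Tor listens on 127.0.0.1 with
# SocksPort 9050 and ControlPort 9051 (Tor's defaults); the account names
# 'browser' and 'vidalia' are made up here; iptables has the 'owner' module.

VIDALIA_USER=${VIDALIA_USER:-vidalia}
BROWSER_USER=${BROWSER_USER:-browser}
SOCKS_PORT=${SOCKS_PORT:-9050}
CONTROL_PORT=${CONTROL_PORT:-9051}

# Commands that create the two unprivileged accounts. Neither gets a login
# shell; they exist only to own a process and match an iptables rule.
account_commands() {
    printf 'useradd --system --shell /usr/sbin/nologin %s\n' "$BROWSER_USER"
    printf 'useradd --system --shell /usr/sbin/nologin %s\n' "$VIDALIA_USER"
}

# iptables rules, printed in the order they must be appended. The owner match
# only sees locally generated packets, so everything lives in the OUTPUT chain
# on the loopback interface. For each port: one ACCEPT restricted by uid,
# then a REJECT for everybody else (a TCP reset fails fast instead of hanging).
controlport_rules() {
    # ControlPort: only the vidalia user.
    printf 'iptables -A OUTPUT -o lo -p tcp --dport %s -m owner --uid-owner %s -j ACCEPT\n' \
        "$CONTROL_PORT" "$VIDALIA_USER"
    printf 'iptables -A OUTPUT -o lo -p tcp --dport %s -j REJECT --reject-with tcp-reset\n' \
        "$CONTROL_PORT"
    # SocksPort: only the browser user. The browser never needs the ControlPort.
    printf 'iptables -A OUTPUT -o lo -p tcp --dport %s -m owner --uid-owner %s -j ACCEPT\n' \
        "$SOCKS_PORT" "$BROWSER_USER"
    printf 'iptables -A OUTPUT -o lo -p tcp --dport %s -j REJECT --reject-with tcp-reset\n' \
        "$SOCKS_PORT"
}

# How the browser should then be started: as the browser user, with a fresh
# environment (-H sets HOME to that user's home, not the invoking user's).
browser_command() {
    printf 'sudo -u %s -H firefox\n' "$BROWSER_USER"
}

# Sanity check on a rule listing (for example the output of
# `iptables -S OUTPUT`) read from stdin: succeeds only if the first rule
# that names the ControlPort is a uid-restricted ACCEPT for the vidalia user
# and no rule grants the browser user that port. Returns 0 on pass, 1 on fail.
check_controlport_listing() {
    listing=$(cat)
    first=$(printf '%s\n' "$listing" | grep -- "--dport $CONTROL_PORT" | head -n 1)
    printf '%s\n' "$first" | grep -q -- "--uid-owner $VIDALIA_USER -j ACCEPT" || return 1
    printf '%s\n' "$listing" | grep -- "--dport $CONTROL_PORT" \
        | grep -q -- "--uid-owner $BROWSER_USER" && return 1
    return 0
}

if [ "${APPLY:-0}" = 1 ]; then
    [ "$(id -u)" -eq 0 ] || { echo "APPLY=1 requires root" >&2; exit 1; }
    { account_commands; controlport_rules; } | sh -e
else
    # Dry run: show what would be executed, then how to launch the browser.
    account_commands
    controlport_rules
    browser_command
fi
```

Run it once without APPLY to review the rule set, then `APPLY=1 sh lockdown.sh` as root. Afterwards `iptables -S OUTPUT | sh -c '. ./lockdown.sh >/dev/null; check_controlport_listing'` style checks (or simply reading the listing) confirm that the only ACCEPT on the ControlPort carries `--uid-owner vidalia`; a browser process under the browser account will then get a connection reset when it tries port 9051, which is the property the reply is after.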