Tor + SELinux sandbox = leak proof without VM overhead?
- To: or-talk@xxxxxxxxxxxxx
- Subject: Tor + SELinux sandbox = leak proof without VM overhead?
- From: Gregory Maxwell <gmaxwell@xxxxxxxxx>
- Date: Sat, 21 Aug 2010 20:55:49 -0400
Greetings, I've searched my copy of the lists and can't find any
discussion of this. If there has been, please direct me to it.

I think it's obvious that the best way of using tor is running your
torified apps in a VM which can only access the outside world via
TOR. This provides the highest protection from network leaks and also
partially thwarts fingerprinting. But I can only assume that the
'cost' (performance, complexity, etc.) of using a VM for tor is too
high for many people; otherwise we would insist that anyone who wants
anonymity operate that way.

Has anyone looked into using the SELinux sandbox
(http://danwalsh.livejournal.com/28545.html) to prevent leaks? The
sandbox provides a high degree of application isolation. It looks
like it would be pretty much trivial to add an option to the sandbox
front end program to only allow accesses to the tor socks port from
the isolated app.

With this, users on supporting platforms wouldn't have to use
wireshark to figure out if, say, pidgin is leaking via DNS. They
could simply run the app inside the sandbox and be sure of it.

Does this sound like a practice which should be refined and recommended?
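
The manual leak check the message mentions (watching whether an app such as pidgin sends DNS or other traffic around Tor), as an added example that is not part of the original post: it scans `strace -f -e trace=network` output for any IPv4/IPv6 destination other than the Tor SOCKS port. It assumes Tor's SOCKS listener is at the default 127.0.0.1:9050; the function names and the sample trace lines are constructed for illustration.

```python
import re

# Assumption: Tor's SOCKS listener is at its default address, 127.0.0.1:9050.
ALLOWED = {("127.0.0.1", 9050)}

# Syscalls that can carry a destination sockaddr (unconnected UDP DNS queries
# typically show up as sendto/sendmsg rather than connect).
CALL = re.compile(r"\b(connect|sendto|sendm?msg)\(")
FAMILY = re.compile(r"sa_family=(AF_INET6?)\b")
PORT = re.compile(r"sin6?_port=htons\((\d+)\)")
ADDR = re.compile(r'(?:inet_addr\("([^"]+)"\)|inet_pton\(AF_INET6, "([^"]+)")')


def find_leaks(strace_lines, allowed=ALLOWED):
    """Return (syscall, address, port) for every attempt to reach an IP
    destination that is not the Tor SOCKS port. Failed attempts count too:
    the application tried to bypass Tor even if the network refused."""
    leaks = []
    for line in strace_lines:
        call = CALL.search(line)
        fam = FAMILY.search(line)
        if not call or not fam:
            continue  # not a send/connect, or a local family such as AF_UNIX
        port = PORT.search(line)
        addr = ADDR.search(line)
        if not port or not addr:
            continue  # sockaddr was truncated or not decoded by strace
        dest = (addr.group(1) or addr.group(2), int(port.group(1)))
        if dest not in allowed:
            leaks.append((call.group(1), *dest))
    return leaks


# Constructed sample trace (documentation-range addresses), not a real capture.
SAMPLE = [
    r'[pid 4211] connect(14, {sa_family=AF_UNIX, sun_path="/tmp/.X11-unix/X0"}, 20) = 0',
    r'[pid 4211] connect(17, {sa_family=AF_INET, sin_port=htons(9050), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 EINPROGRESS (Operation now in progress)',
    r'[pid 4215] sendto(19, "\273\1\1\0\0\1"..., 33, MSG_NOSIGNAL, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 33',
    r'[pid 4215] connect(20, {sa_family=AF_INET6, sin6_port=htons(5222), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::10", &sin6_addr), sin6_scope_id=0}, 28) = -1 ENETUNREACH (Network is unreachable)',
]

if __name__ == "__main__":
    for syscall, address, port in find_leaks(SAMPLE):
        print(f"LEAK: {syscall} -> {address} port {port}")
```

An empty result only covers the code paths exercised during the trace, which is the gap a mandatory sandbox policy closes.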