
Re: Tor + SELinux sandbox = leak proof without VM overhead?

On Sat, Aug 28, 2010 at 3:25 PM, intrigeri <intrigeri@xxxxxxxx> wrote:
> ...
> Another "cost" mentioned by coderman was "elevated privs for
> accelerated virtualization / para-virtualization". AFAIK VirtualBox
> does not need any special privileges (once the kernel part of the
> software is installed, and the modules/services loaded).

the loading / configuring of the kernel module part is one elevated task.

route table changes / altering iptables rules and chains*, and many
other such things require elevated privileges.
there are often host facilities to permit specific use of valid
settings, RSBAC constraints, and lots of other mitigations.

if you give up acceleration and do full softmmu / user only and
constrained device emulation you can still have a guest / least
privilege virtual machine, but the overhead is significant.
fortunately fast virtio devices are becoming common across both
userspace-only and accelerated virtual machine implementations.

i also like livecd as you mention, and qubes on live fedora is a nice
setup, perhaps coupled with HTTPS-Fuse on-demand pre-caching file
system overlays... many many different combinations and techniques to
complement and fit a particular need. the limiting factor is time to
explore them all and their relative



* i call this out specifically because you need to extend beyond the
basic VirtualBox / Qemu / VMWare settings associated with the common
bridge, nat, host-only network devices and implement host level
routing protections; otherwise you're exposed to a number of potential
side channel and other attacks listed in the FAQ and elsewhere.
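As an added illustration of the footnote's point (this is not code from the original post or from any of the projects named in it): the rules below are one way to implement "host level routing protections" for a guest attached to a host-only interface, so that the guest can only ever reach the host's Tor TransPort and DNSPort and the host never forwards its traffic anywhere else. The interface name vboxnet0, the guest subnet 192.168.56.0/24 and the Tor ports 9040/5353 are assumptions chosen for illustration; the Tor side needs a matching TransPort/DNSPort in torrc, which is not shown here.

```shell
#!/bin/sh
# Added example, not from the original post: host-level iptables rules that
# force a guest on a host-only interface through the host's Tor TransPort and
# DNSPort and refuse to route or forward anything else for it.
# Interface, subnet and ports are assumptions passed in as arguments.
# Prints the rules by default; run with APPLY=1 as root to execute them.

vm_tor_only_rules() {
    ifc="$1"        # host-only interface the guest sits on, e.g. vboxnet0
    subnet="$2"     # guest subnet on that interface
    transport="$3"  # Tor TransPort on the host
    dnsport="$4"    # Tor DNSPort on the host

    cat <<EOF
iptables -t nat -A PREROUTING -i $ifc -s $subnet -p udp --dport 53 -j REDIRECT --to-ports $dnsport
iptables -t nat -A PREROUTING -i $ifc -s $subnet -p tcp --syn -j REDIRECT --to-ports $transport
iptables -A INPUT -i $ifc -s $subnet -p tcp --dport $transport -j ACCEPT
iptables -A INPUT -i $ifc -s $subnet -p udp --dport $dnsport -j ACCEPT
iptables -A INPUT -i $ifc -j DROP
iptables -A FORWARD -i $ifc -j DROP
iptables -A FORWARD -o $ifc -j DROP
EOF
}

# Number of rules the generator emits; handy for a sanity check before applying.
vm_tor_only_rule_count() {
    vm_tor_only_rules "$@" | wc -l | tr -d ' '
}

if [ "${APPLY:-0}" = "1" ]; then
    vm_tor_only_rules vboxnet0 192.168.56.0/24 9040 5353 | sh
else
    vm_tor_only_rules vboxnet0 192.168.56.0/24 9040 5353
fi
```

The ordering matters: the nat PREROUTING redirects rewrite the destination port before the filter INPUT chain sees the packet, so the two ACCEPT rules match the redirected Tor ports and the final INPUT DROP catches everything else from that interface (including ICMP and any attempt to reach other host services). The two FORWARD drops are what the hypervisor's own "host-only" setting does not give you: with ip_forward enabled for some other reason, the host would otherwise happily route the guest's direct traffic out to the clearnet.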