[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Jailed/sandboxed/chrooted applications

On Thu, Jan 1, 2009 at 6:56 PM, Adlesshaven <adlesshaven@xxxxxxxxxxxxxx> wrote:
> Does anyone here jail, sandbox or chroot the applications they use with Tor?
>... What is the best way
> to isolate applications completely for use with Tor?

situations vary but my personal preference is for distinct virtual
machines to run groups of applications and Tor separately.  the main
benefit this provides is stronger isolation from arbitrary execution
and other exploits as well as providing a virtual network address that
does not provide any hints about the topology or configuration of your
internal LAN / Internet connection.

being able to configure Tor'ified applications in freebsd jails would
be useful though; i've only tried to do that (owner match) with
iptables on linux though...

best regards,