[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Jailed/sandboxed/chrooted applications

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Jailed/sandboxed/chrooted applications
From: Hans Schnehl <torvallenator@xxxxxxxxx>
Date: Fri, 2 Jan 2009 21:40:14 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 02 Jan 2009 15:40:43 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:references:mime-version:content-type:content-disposition :in-reply-to:user-agent; bh=bb1wZAn8KMb5x12zqV/eauuzx7BgowqAgZOYE1k0ak8=; b=VGj53wCMEZ3CLS211goyubbCzkoGl58DHSq8untSRtjY+QM+HjyoRBPVtXb03ohSmA w5Hm6kuT/kt+nO+pw/QGYc4I77GD51ouaTHYpislEAxFJN0TqpAUYfLwfWxtW13LMDmT HHGmDwR69yusz6vcgOBDu076gbYsy09fxP110=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; b=roynwOuUzHXkOIPNhlmo5PPdVgM14hIE9+3qEZQQ/QQDP/PEehc+9Q9HpAgt8nA1FU wO3rxGCsb1RPpodPgWohL+mnDArDykTlaiHIcXNZ60nQyDH7b0/XSOyUUmARn3Tn8jkE hdX79lW2+pAbvGRASa7IUPYm9EGBicg75tbs0=
In-reply-to: <495E5736.7090705@xxxxxxxxxxxxxx>
References: <495D8265.7020200@xxxxxxxxxxxxxx> <20090102140037.7ea19a11@xxxxxxxxxxxxx> <495E5736.7090705@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.5.18 (2008-05-17)

On Fri, Jan 02, 2009 at 01:04:38PM -0500, Adlesshaven wrote:
> Fabian Keil wrote:
> > Adlesshaven <adlesshaven@xxxxxxxxxxxxxx> wrote:
> >
> >   
> >> Does anyone here jail, sandbox or chroot the applications they use with Tor?
> >>     
> >
> > I'm running Tor and Privoxy in FreeBSD jails,
> > Xorg applications (which probably pose a bigger thread)
> > are running on the host system, though.
> >
> >   
> >> I have been trying to adapt the Wiki's transparent proxy recommendations
> >> to a FreeBSD jail for the last couple weeks with no luck.
> >>     
> >
> > I wrote about trans-proxy-tor running in a FreeBSD jail at:
> > http://www.fabiankeil.de/blog-surrogat/2006/06/15/jail-experimente-mit-ezjail.html
> >
> > The text is in German but the only thing that really matters is
> > the /etc/devfs.rules example to make /dev/pf visible in the jail.
> >
> > Nowadays I use Tor's TransPort option instead of trans-proxy-tor,
> > but the configuration is pretty much the same.
> >
> > Fabian
> >   
> Interesting. You used pretty much the reverse of what I was doing.
> My process is something like:
> 
> Set up a jail with sshd
> Install xauth, firefox, thunderbird, etc. in the jail
> Set up ssh outside the jail to be able to connect to the jail
>     and have X connections forwarded
> Set up PF to forward all connections to Tor's TransPort,
>     which is on the host system
> Use ssh to start a program, eg firefox, and it appears
>     on the host system's desktop
> 
> What I am having trouble with is step 4. It *looks* like PF
> is working fine, but Tor doesn't see the traffic to the TransPort.
> I think I have just been designing the firewall rules stupidly.
> The Tor Wiki gives a different scenario so it isn't too helpful.


please see:
http://archives.seul.org/or/talk/Oct-2007/msg00028.html
handling a similar approach.

With FBSD Tor needs rw on /dev/pf for this to work,
apart from all necessary settings in pf.conf.
(As you do rdr maybe an anchor in the appropriate positions
would be good, if it works without, even better)


Regards

Hans

Follow-Ups:
- Re: Jailed/sandboxed/chrooted applications
  - From: Adlesshaven

References:
- Jailed/sandboxed/chrooted applications
  - From: Adlesshaven
- Re: Jailed/sandboxed/chrooted applications
  - From: Fabian Keil
- Re: Jailed/sandboxed/chrooted applications
  - From: Adlesshaven

Prev by Author: Re: SMTPD Hidden Server
Next by Author: Anonymous blogging using Tor & Ecto (xmlrpc/wordpress/blogger/etc)
Previous by thread: Re: Jailed/sandboxed/chrooted applications
Next by thread: Re: Jailed/sandboxed/chrooted applications
Index(es):
- Author
- Thread