[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Is there a way to use internet in a sandbox environment? (Linux)

Ben Tasker wrote:

But don't, please, follow the suggestion of using root for routine
non-internet tasks. You should use privileged accounts only when you
actually require that level of privilege. Also keep in mind that while
malware running as an unpriviliged user cannot (generally) hose the system,
it can still steal/corrupt whatever data that user has access to. Unless
this is a shared system, you probably care more about that data than the OS
files themselves.

Ben is right about not using root for routine tasks.  But you can
still follow your original idea by creating one or more
*nonprivileged* accounts for non-internet tasks.  Even w/o using
VMs you can block these accounts from *initiating* connections to
the Internet with iptables rules.  If you set up permissions
correctly, then so long as malware does not achieve root level
privilege the information in these non-internet accounts should
remain safe.  So you have a range of options from no VMs to fully
isolated VMs on separate machines to running a live CD/DVD for
internet access.



tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to