Re: [tor-talk] HTML5 video and Tor anonymity.

[Tom Ritter <tom@xxxxxxxxx>]

On 1 May 2013 15:29, David Vorick <david.vorick@xxxxxxxxx> wrote:
> I don't know what I'm talking about, but here goes:
>
> If you were to put flash in a "sandbox" that had a fake IP address, might
> that make the sandbox incompatible with the tor network? When you are
> communicating, even over the tor network, your IP address is critical so
> that servers on the other end know where to send messages. That means that
> at the very least you have to know your own IP address. If the flash
> sandbox had a false address, the network might reject communication
> altogether, or it might simply be unable to return the messages to the
> right spot.
>
> Am I incorrect?

Well, when anyone from outside the Tor project talks about sandboxing
flash, they're talking about restricting the system calls it can make,
restricting it from touching files on disk, spawning processes - real
sandbox stuff.  That's what Mozilla is after with Shumway.  That's
what Chrome is/was after with their sandbox.

Tor is afraid of Flash for three reasons as I see it: it's buggy (see
my previous sentence), it can read your IP address, and (I believe) it
can or can be made to make requests that circumvent a configured proxy
that would leak your external IP to whatever you connect to (assumed
to be an attacker).  And when I say proxy, you can read "Tor".

If Flash is running on a machine with a RFC1918 IP (192.168.x.x,
10.x.x.x, etc) then knowing the IP doesn't help.  But it can still
make a proxy-circumventing request.  Putting Flash in a VM and
restricting the VM from making any request except through the proxy
(or routing all requests through the proxy) alleviates that concern.

-tom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk