[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TBB advantages in VM

> Abel Luck:
>> Interesting reading, thanks! My use case is different. It's running
>> Qubes-OS [1] with a specific TorVM acting as a transparent proxy for
>> other AppVms.
>> The AnonBrowserVM is a VM that only has Firefox (soon TBB without tor).
>> OS updates are handled separately in a different VM. The root FS is
>> read-only (technically COW, but never written, see [2]).
>> Looking at your attack comparison matrix, I believe a proper Qubes
>> w/TorVM+AnonAppVM setup is safe for all attacks except those involving a
>> vm exploit and an attack against the tor process or network.
> I haven't check in details, but Qubes looks very good.

It's interesting to say the least. A few of its drawbacks are its
resource demand (8GB recommended RAM, 20GB HD space, just for the OS),
and it's hardware support (doesn't support new Ivy Bridge intel GPUs).

But it's a new project that will tackle these issues in time I'm sure.

> There is a big and very good blog post about Qubes + Tor. The part it
> lacks is the stream isolation part.
> http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html

Yup, this was the basis for my setup, though I'm using the Tor RPM repo
for 2.3.x w/ stream isolation.

Plus, it exposes a few SocksPorts for added isolation for certain

Now I'm brainstorming on how to solve the DNS issue, I'd like to be able
to resolve non-A records. ttdnsd is pretty broken.

Attachment: signature.asc
Description: OpenPGP digital signature

tor-talk mailing list