[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
From: WhonixQubes <whonixqubes@xxxxxxxxxx>
Date: Tue, 14 Apr 2015 22:38:51 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 14 Apr 2015 18:39:03 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1429051131; bh=Bk9ROAJLq6j+Buxpd1/bvmpl2/7mrk+wTKemdQKNTWQ=; h=Date:From:To:Subject:In-Reply-To:References:From; b=C+bU2whtkY/plh8jfhMcqtzrSLXgJaiS7NB5j+70LSnIEsOOgoLd/LolKw6XbvOmV 5mCu6zQVCn6s/6TKYpDrCBr/RkvXl92A5jgm1dE0KMGA7WOEnYeD+z8iyO+8oY4EaF nB6D0AnV7R5j06vUbWqFyrKPCUMVjtbxXw9IBISE=
In-reply-to: <552D9377.5030805@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <54E36CA2.9040504@xxxxxxxxxxx> <5529BA28.30909@xxxxxxxxx> <20150412064735.GA25987@xxxxxxxxxxxxxx> <a6e97db5c897305c7dd655119c5eba57@xxxxxxxxxx> <CAAgxajG9P07T0Ya_OyY4FS6ZO5HHBYQTYmttu34sp1oNseHL7A@xxxxxxxxxxxxxx> <3de2be9cc26c8e14281da15b6148681a@xxxxxxxxxx> <552D8B97.3040407@xxxxxxxxx> <552D9377.5030805@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Riseup mail

On 2015-04-14 10:23 pm, Mirimir wrote:

On 04/14/2015 03:50 PM, Yuri wrote:
On 04/14/2015 14:41, WhonixQubes wrote:
I believe it is probably generally harder to break out of a virtual
machine than root a Linux distro, like Tails, because hypervisorshave
a more limited attack surface compared to a full monolithic OS.
If you use Qubes, then it is infinitely harder to root the hostsystem.
Can you describe the scenario how can somebody potentially break outofthe virtual machine and root the host system, if VM is wired toconnect
only through tor?

Yuri
An adversary could install software in the Whonix workstation VM that
establishes an SSH connection to their machine. The SSH connectionwould
prevent the Tor process in the Whonix gateway VM from closing the
circuit. The adversary could then run exploits in the workstation VM
designed to gain host access.

If successful, it would be trivial to subvert the Whonix gateway VM.
That doesn't require root privileges. But they could also root thehost,and install software in host that establishes an SSH connection totheir
machine. Access then wouldn't depend on Whonix.

And just to give a bit of context for degree of ease for such anexploit...



IMO, generally speaking:


- Easier:  Tails with no VM isolation for Tor

-- Harder:  Whonix with VirtualBox, KVM, etc isolation for Tor

--- Hardest:  Whonix with Qubes isolation for Tor

Also, Whonix's CPFP (Control Port Filter Proxy) is of note, since it iswhat filters Tor commands between the Whonix-Workstation andWhonix-Gateway and intends to only allow *safe* Tor commands -- and notthe unsafe ones that can expose deanonymizing host machine info.


More info:  https://www.whonix.org/wiki/Dev/Control_Port_Filter_Proxy

The CPFP can be deactivated and have Tor commands totally cut off forachieving even further security isolation of Tor with Whonix.



WhonixQubes
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
  - From: Yuri

References:
- Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
  - From: Yuri
- Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
  - From: Andreas Krey
- Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
  - From: WhonixQubes
- Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
  - From: Apple Apple
- Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
  - From: WhonixQubes
- Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
  - From: Yuri
- Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
  - From: Mirimir

Prev by Author: Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
Next by Author: Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
Previous by thread: Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
Next by thread: Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
Index(es):
- Author
- Thread