[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Is there a way to use internet in a sandbox environment? (Linux)

To: "tor-talk" <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: [tor-talk] Is there a way to use internet in a sandbox environment? (Linux)
From: npdflr <npdflr@xxxxxxxx>
Date: Tue, 02 Apr 2019 04:01:05 -0700
Arc-authentication-results: i=1; mx.zoho.com; dkim=pass header.i=zoho.com; spf=pass smtp.mailfrom=npdflr@xxxxxxxx; dmarc=pass header.from=<npdflr@xxxxxxxx> header.from=<npdflr@xxxxxxxx>
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1554202907; h=Content-Type:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To:ARC-Authentication-Results; bh=UfN0FuabdjDELYGOLPABDR5QpDzTGihts7yASvISk7Q=; b=hCryhtvjp9Od/ywwpIl4eJBN5P4RkmgVdoodSD5lz9WA4wCnokuuLmL22kCrRm5pOAApAleEFwNfsJMHtIfthWuH0r6xmDVIiEBJpO6C/Jw49ZMT2DuHSihZm+37jGEXyFNKog3nRynS2s2qbAXxL4/e+mETj+yZ48T7hRMr+F8=
Arc-seal: i=1; a=rsa-sha256; t=1554202907; cv=none; d=zoho.com; s=zohoarc; b=KTd0AOXJdgtilsMDvK3S9NxUuC33fhjqyEyBCw5Q9b03/L0dQVThg35LxIYl6a3uFiuqAdHnDdCm0/EO3XVIsCwyCoe/q+mgWDGX9KIKdq6PYME0Qw0EPELVyweNOKKMqOX0CAlWff+eU/LlpB1trgdTl60I2cF/Qzcs/RJZuFA=
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 02 Apr 2019 07:02:07 -0400
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1554202907; s=default; d=zoho.com; i=npdflr@xxxxxxxx; h=Date:From:To:Message-Id:In-Reply-To:References:Subject:MIME-Version:Content-Type; l=4799; bh=UfN0FuabdjDELYGOLPABDR5QpDzTGihts7yASvISk7Q=; b=tEqQUnpfIqGTMop4XowrHKKznxpV1UR2JRY96kjsw/FTUu/gqMPKvxZNEgywbvnT Vk/iNUXJZY5Vf/kJaJ5zS2YS952cYm41I+elR/McFsOfvYezK+mJgjFAOOAJ5wSiOfJ vtm8kD1AunMPANqoMDDT7TRrzbdUZKE4yRfYWibA=
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=zapps768; d=zoho.com; h=date:from:to:message-id:in-reply-to:references:subject:mime-version:content-type:user-agent; b=urmWzyh7D5ENFEsc5pVO0wQPFTNDSJ4/Ab52o2cc7NaFcqMpeDZLlN+zimFALikiSnIzxtAYTAhf OLhJ21ziwK2Yp+qabqhLZRRiHFBqFDmidPcmT/Jc7n1Nu3fUIHzI
In-reply-to: <5C9F1727.5070500@copper.net>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <169afe11736.d283f77a93261.2016894534794041759@zoho.com> <CABMkiz7CN8v=rR2ihp2TeRxs8n2so=EURSLqKJZH7K9RRsnW1Q@mail.gmail.com> <5C9F1727.5070500@copper.net>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Zoho Mail

Hi Jim,

Can you elaborate or give example on how to run a live CD/DVD for internet access.

One has to install an OS on the CD/DVD and there needs to be some means for CD/DVD to access a network-specific firmware etc for using the internet, am I right?





---- On Sat, 30 Mar 2019 00:13:43 -0700 Jim <jimmymac@xxxxxxxxxx> wrote ----



Ben Tasker wrote:

> 

> But don't, please, follow the suggestion of using root for routine

> non-internet tasks. You should use privileged accounts only when you

> actually require that level of privilege. Also keep in mind that while

> malware running as an unpriviliged user cannot (generally) hose the system,

> it can still steal/corrupt whatever data that user has access to. Unless

> this is a shared system, you probably care more about that data than the OS

> files themselves.



Ben is right about not using root for routine tasks.  But you can

still follow your original idea by creating one or more

*nonprivileged* accounts for non-internet tasks.  Even w/o using

VMs you can block these accounts from *initiating* connections to

the Internet with iptables rules.  If you set up permissions

correctly, then so long as malware does not achieve root level

privilege the information in these non-internet accounts should

remain safe.  So you have a range of options from no VMs to fully

isolated VMs on separate machines to running a live CD/DVD for

internet access.



HTH



Jim





-- 

tor-talk mailing list - mailto:tor-talk@xxxxxxxxxxxxxxxxxxxx

To unsubscribe or change other settings go to

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Is there a way to use internet in a sandbox environment? (Linux)
  - From: blacklight447
- Re: [tor-talk] Is there a way to use internet in a sandbox environment? (Linux)
  - From: Jim

Prev by Author: Re: [tor-talk] Checking if an IP address is a Tor exit server though an API call
Next by Author: Re: [tor-talk] Is there a way to use internet in a sandbox environment? (Linux)
Previous by thread: Re: [tor-talk] GoldBug Messenger, SpotOn Crypto, etc (Re: Syncing bookmarks)
Next by thread: Re: [tor-talk] Is there a way to use internet in a sandbox environment? (Linux)
Index(es):
- Author
- Thread