[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Is there a way to use internet in a sandbox environment? (Linux)
You could also try to run whonix, which you can also use as a sort of sandbox.
Apr 2, 2019, 1:01 PM by npdflr@xxxxxxxx:
> Hi Jim,
>
> Can you elaborate or give example on how to run a live CD/DVD for internet access.
>
> One has to install an OS on the CD/DVD and there needs to be some means for CD/DVD to access a network-specific firmware etc for using the internet, am I right?
>
>
>
>
>
> ---- On Sat, 30 Mar 2019 00:13:43 -0700 Jim <> jimmymac@xxxxxxxxxx <mailto:jimmymac@xxxxxxxxxx>> > wrote ----
>
>
>
> Ben Tasker wrote:
>
>>
>>
>> But don't, please, follow the suggestion of using root for routine
>>
>> non-internet tasks. You should use privileged accounts only when you
>>
>> actually require that level of privilege. Also keep in mind that while
>>
>> malware running as an unpriviliged user cannot (generally) hose the system,
>>
>> it can still steal/corrupt whatever data that user has access to. Unless
>>
>> this is a shared system, you probably care more about that data than the OS
>>
>> files themselves.
>>
>
>
>
> Ben is right about not using root for routine tasks. But you can
>
> still follow your original idea by creating one or more
>
> *nonprivileged* accounts for non-internet tasks. Even w/o using
>
> VMs you can block these accounts from *initiating* connections to
>
> the Internet with iptables rules. If you set up permissions
>
> correctly, then so long as malware does not achieve root level
>
> privilege the information in these non-internet accounts should
>
> remain safe. So you have a range of options from no VMs to fully
>
> isolated VMs on separate machines to running a live CD/DVD for
>
> internet access.
>
>
>
> HTH
>
>
>
> Jim
>
>
>
>
>
> --
>
> tor-talk mailing list - mailto:> tor-talk@xxxxxxxxxxxxxxxxxxxx <mailto:tor-talk@xxxxxxxxxxxxxxxxxxxx>
>
> To unsubscribe or change other settings go to
>
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>
> --
> tor-talk mailing list - > tor-talk@xxxxxxxxxxxxxxxxxxxx <mailto:tor-talk@xxxxxxxxxxxxxxxxxxxx>
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>
>
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk