[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Jailed/sandboxed/chrooted applications
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Jailed/sandboxed/chrooted applications
- From: coderman <coderman@xxxxxxxxx>
- Date: Thu, 1 Jan 2009 19:01:02 -0800
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Thu, 01 Jan 2009 22:01:08 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=6eS9TK6oHIHgaubmyApqx8yuWH3rD6kS2B4+Qo+kFaY=; b=I1xSFPkUNfTbLqIkp4lyidFxyBJt5QRHOLkTO1Dl+xCEacdKE04CiRu8rHbLMiceOB LRGcVk2SjwGejO7M82R2P2ROQgX1u3jODafUI7GVwK1M6AAyAazTR31fJGBiPEwY7iOc dYQ6Cd6BMWlSTdBthG4vCNtBgwXjjuuYmgzKY=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=JU4sk5KrWm0JsfxGqVWjYaf6/Ia9Rcj5eYIpY0KBAz/y4XrdyzqKD9UERojg84njec cP9lvjw6ZYSvWhU6VhXXO/3BW6UtDYlZSdxIh7prjbeMZuFq6N59l5rtTS8dFRlQmFSv KBWhuOJDJDDIG41w9ADMnVCRqXJMLDO25YKic=
- In-reply-to: <495D8265.7020200@xxxxxxxxxxxxxx>
- References: <495D8265.7020200@xxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Thu, Jan 1, 2009 at 6:56 PM, Adlesshaven <adlesshaven@xxxxxxxxxxxxxx> wrote:
> Does anyone here jail, sandbox or chroot the applications they use with Tor?
>... What is the best way
> to isolate applications completely for use with Tor?
situations vary but my personal preference is for distinct virtual
machines to run groups of applications and Tor separately. the main
benefit this provides is stronger isolation from arbitrary execution
and other exploits as well as providing a virtual network address that
does not provide any hints about the topology or configuration of your
internal LAN / Internet connection.
being able to configure Tor'ified applications in freebsd jails would
be useful though; i've only tried to do that (owner match) with
iptables on linux though...
best regards,