Tor + SELinux sandbox = leak proof without VM overhead?
Gregory Maxwell
gmaxwell at gmail.com
Sun Aug 22 00:55:49 UTC 2010
Greetings, I've searched my copy of the lists and can't find any
discussion of this. If there has been, please direct me to it.
I think it's obvious that the best way of using tor is running your
torrified apps in a VM which can only access the outside world via
TOR. This provides the highest protection from network leaks and also
partially thwarts fingerprinting. But I can only assume that the
'cost' (performance, complexity, etc) of using a VM for tor is too
high for many people— otherwise we would insist that anyone who wants
anonymity operate that way.
Has anyone looked into using the SELINUX sandbox
(http://danwalsh.livejournal.com/28545.html) to prevent leaks? The
sandbox provides a high degree of application isolation. It looks
like it would be pretty much trivial to add an option to the sandbox
front end program to only allow accesses to the tor socks port from
the isolated app.
With this users on a supporting platforms wouldn't have to use
wireshark to figure out if, say, pidgin, is leaking via DNS. They
could simply run the app inside the sandbox and be sure of it.
Does this sound like a practice which should be refined and recommended?
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list