[tor-talk] [tor-dev] Porting Tor Browser to the BSDs

Mirimir mirimir at riseup.net
Tue Apr 14 22:23:51 UTC 2015


On 04/14/2015 03:50 PM, Yuri wrote:
> On 04/14/2015 14:41, WhonixQubes wrote:
>>
>> I believe it is probably generally harder to break out of a virtual
>> machine than root a Linux distro, like Tails, because hypervisors have
>> a more limited attack surface compared to a full monolithic OS.
>>
>> If you use Qubes, then it is infinitely harder to root the host system.
> 
> 
> Can you describe the scenario of how somebody can potentially break out of
> the virtual machine and root the host system, if the VM is wired to connect
> only through Tor?
> 
> Yuri

An adversary could install software in the Whonix workstation VM that
establishes an SSH connection to their machine. The SSH connection would
prevent the Tor process in the Whonix gateway VM from closing the
circuit. The adversary could then run exploits in the workstation VM
designed to gain host access.

If successful, it would be trivial to subvert the Whonix gateway VM.
That doesn't require root privileges. But they could also root the host,
and install software in the host that establishes an SSH connection to their
machine. Access then wouldn't depend on Whonix.

