[tor-talk] [tor-dev] Porting Tor Browser to the BSDs
WhonixQubes
whonixqubes at riseup.net
Tue Apr 14 22:38:51 UTC 2015
On 2015-04-14 10:23 pm, Mirimir wrote:
> On 04/14/2015 03:50 PM, Yuri wrote:
>> On 04/14/2015 14:41, WhonixQubes wrote:
>>>
>>> I believe it is probably generally harder to break out of a virtual
>>> machine than root a Linux distro, like Tails, because hypervisors have
>>> a more limited attack surface compared to a full monolithic OS.
>>>
>>> If you use Qubes, then it is infinitely harder to root the host system.
>>
>>
>> Can you describe the scenario how can somebody potentially break out of
>> the virtual machine and root the host system, if VM is wired to connect
>> only through tor?
>>
>> Yuri
>
> An adversary could install software in the Whonix workstation VM that
> establishes an SSH connection to their machine. The SSH connection would
> prevent the Tor process in the Whonix gateway VM from closing the
> circuit. The adversary could then run exploits in the workstation VM
> designed to gain host access.
>
> If successful, it would be trivial to subvert the Whonix gateway VM.
> That doesn't require root privileges. But they could also root the host,
> and install software in host that establishes an SSH connection to their
> machine. Access then wouldn't depend on Whonix.

And just to give a bit of context for degree of ease for such an
exploit...

IMO, generally speaking:

- Easier: Tails with no VM isolation for Tor
-- Harder: Whonix with VirtualBox, KVM, etc isolation for Tor
--- Hardest: Whonix with Qubes isolation for Tor

Also, Whonix's CPFP (Control Port Filter Proxy) is of note, since it is
what filters Tor commands between the Whonix-Workstation and
Whonix-Gateway and intends to only allow *safe* Tor commands -- and not
the unsafe ones that can expose deanonymizing host machine info.

More info: https://www.whonix.org/wiki/Dev/Control_Port_Filter_Proxy

The CPFP can be deactivated and have Tor commands totally cut off for
achieving even further security isolation of Tor with Whonix.

WhonixQubes
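
The allowlist idea behind a control-port filter such as the CPFP mentioned in the message above, as an added example that is not part of the original post and is not Whonix's code. The allowed commands, the reject reply, the length cap and the function names are assumptions made for illustration; authentication handling is left out.

```python
# Added illustration: exact-match allowlist for Tor control-port lines.
# ALLOWED is a constructed sample policy, not Whonix's actual whitelist.
ALLOWED = {
    "SIGNAL NEWNYM",
    "GETINFO net/listeners/socks",
    "GETINFO status/circuit-established",
}
MAX_LINE = 128                               # assumed cap on one command line
REJECT_REPLY = b"510 Command filtered\r\n"   # reply text is an assumption


def normalize(raw: bytes):
    """Return the canonical 'VERB args' string, or None if malformed."""
    if len(raw) > MAX_LINE or not raw.endswith(b"\r\n"):
        return None
    body = raw[:-2]
    # An embedded CR/LF would carry a second command past the filter.
    if b"\r" in body or b"\n" in body or b"\x00" in body:
        return None
    try:
        text = body.decode("ascii")
    except UnicodeDecodeError:
        return None
    parts = text.split()
    if not parts:
        return None
    # Only the verb is case-folded; arguments must match the policy exactly.
    return " ".join([parts[0].upper()] + parts[1:])


def filter_command(raw: bytes):
    """Return (bytes_to_forward, reply_to_client); exactly one is None."""
    cmd = normalize(raw)
    # Whole-line match: an allowed verb with extra arguments is still refused,
    # e.g. a GETINFO that appends a second, address-revealing key.
    if cmd is None or cmd not in ALLOWED:
        return None, REJECT_REPLY
    return (cmd + "\r\n").encode("ascii"), None


if __name__ == "__main__":
    samples = [  # constructed client lines
        b"signal NEWNYM\r\n",
        b"GETINFO address\r\n",
        b"GETINFO net/listeners/socks address\r\n",
        b"SIGNAL NEWNYM\r\nGETINFO address\r\n",
    ]
    for line in samples:
        print(line, "->", filter_command(line))
```
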