[tor-talk] Is there a way to use internet in a sandbox environment? (Linux)
Jim
jimmymac at copper.net
Sat Mar 30 07:13:43 UTC 2019
Ben Tasker wrote:
>
> But don't, please, follow the suggestion of using root for routine
> non-internet tasks. You should use privileged accounts only when you
> actually require that level of privilege. Also keep in mind that while
> malware running as an unprivileged user cannot (generally) hose the system,
> it can still steal/corrupt whatever data that user has access to. Unless
> this is a shared system, you probably care more about that data than the OS
> files themselves.
Ben is right about not using root for routine tasks. But you can
still follow your original idea by creating one or more
*nonprivileged* accounts for non-internet tasks. Even w/o using
VMs you can block these accounts from *initiating* connections to
the Internet with iptables rules. If you set up permissions
correctly, then so long as malware does not achieve root level
privilege the information in these non-internet accounts should
remain safe. So you have a range of options from no VMs to fully
isolated VMs on separate machines to running a live CD/DVD for
internet access.
HTH
Jim
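
The per-account iptables blocking mentioned in the message above can be sketched like this. It is an added example, not part of the original post, and it assumes the iptables `owner` and `conntrack` match modules are available; the function name `offline_rules` and the account name `offline` are hypothetical.

```shell
#!/bin/sh
# Added example: print iptables/ip6tables commands that stop a local account
# from initiating connections anywhere except loopback.
# Usage (the account name "offline" is hypothetical):
#   sh offline-rules.sh offline        # review the output
#   sh offline-rules.sh offline | sh   # as root, to apply it

offline_rules() {
    acct=$1
    # Accept a numeric UID as-is; resolve a name through the passwd database.
    case $acct in
        ''|*[!0-9]*)
            uid=$(id -u "$acct" 2>/dev/null) || {
                echo "no such account: $acct" >&2; return 1; } ;;
        *)  uid=$acct ;;
    esac
    # root can delete the rules anyway, so a rule for uid 0 protects nothing.
    [ "$uid" -ne 0 ] || { echo "refusing uid 0" >&2; return 1; }

    for ipt in iptables ip6tables; do
        # Rule 1: loopback stays open so local services keep working.
        echo "$ipt -I OUTPUT 1 -o lo -m owner --uid-owner $uid -j ACCEPT"
        # Rule 2: reject only packets that open a new flow, i.e. connections
        # the account initiates; inserted at the top so that a broad ACCEPT
        # further down the chain cannot shadow it.
        echo "$ipt -I OUTPUT 2 -m owner --uid-owner $uid -m conntrack --ctstate NEW -j REJECT"
    done
}

for acct in "$@"; do
    offline_rules "$acct" || exit 1
done
```

Loopback is left open, so a proxy listening on 127.0.0.1 (a local Tor SOCKS port, for instance) is still reachable by the blocked account. Rules added this way do not survive a reboot unless they are saved with the distribution's own persistence mechanism.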