More Secure Tor Browsing Through A Virtual Machine in Ubuntu

Kyle Williams kyle.kwilliams at gmail.com
Thu Aug 20 16:31:10 UTC 2009


On Thu, Aug 20, 2009 at 9:05 AM, Curious Kid <letsshareinformation at yahoo.com
> wrote:

> Please excuse my extreme ignorance.
>
> > Even if an attacker were to be able to gain
> > command-line access through a vulnerability in a program such as
> > Firefox, they still wouldn't be able to obtain the user's IP address,
> > look at their file system, or gain access to any other
> > personally-identifiable information.
>
> Could this attacker create a Tor circuit specifying a malicious node as the
> entry node?
>

If done correctly, no.  To start, don't run the browser as root, make a
less privileged user and run it as that user.  This would prevent them
from being able to modify iptables rules and read files created by other
programs (such as Vidalia's temp storage of the controlport password), which
are needed.  Iptables rules can include/exclude certain users from accessing
certain ports.  So don't let anyone other than the 'vidalia' user (again,
less permissions required, root is not needed) which could run vidalia
connect to Tor's ControlPort.  Protecting the control port from
users/programs who should not have access is very, very important.  Much
worse things than just setting the entry node could be done if an attacker
got full access to the control port, but we won't go there.

A browser should not have access to Tor's ControlPort, but Vidalia probably
should.  Most applications that use Tor do not need to control Tor, and
separating the two is a very important security requirement with a project
such as this.


>
> How is entropy gathered in virtual machines? Will it tell you if there is
> not enough entropy to support unpredictable routing and encryption? (Or is
> that even an issue at all with Tor?)
>

This application has nothing to do with entropy; its purpose is to
secure/separate/isolate the browser (or whatever app) from the rest of your
host OS by placing it inside a very small VM.  So in the event you do get
owned (through your application/plugin that is using Tor), it's running
under a user account that has limited permissions in an isolated
environment, thereby reducing the level of damage that can be caused.  Since
most of this VM, if not all of it, will be running from an ISO image
(read-only), then the amount of damage that can be caused is very, very
minimal, if any at all.



> Thanks!
>

NP.

- Kyle
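
Added example, not part of the message above or of any Tor project code: one way to write the per-user ControlPort restriction as iptables owner-match rules, with a check that a rule listing actually enforces it. The port 9051, the loopback address and the account name 'vidalia' are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions: Tor's ControlPort
# listens on 127.0.0.1:9051 and Vidalia runs as a local account 'vidalia'.
CONTROL_USER="${CONTROL_USER:-vidalia}"
CONTROL_PORT="${CONTROL_PORT:-9051}"

# Print the two OUTPUT-chain rules in 'iptables -S' syntax ($1=user, $2=port).
# Order matters: the owner-matched ACCEPT must precede the catch-all REJECT.
controlport_rules() {
    printf '%s\n' \
        "-A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport $2 -m owner --uid-owner $1 -j ACCEPT" \
        "-A OUTPUT -d 127.0.0.1/32 -o lo -p tcp -m tcp --dport $2 -j REJECT --reject-with tcp-reset"
}

# Read a rule listing on stdin; exit 0 only if $1 alone may connect to port $2.
# Heuristic: any REJECT/DROP on the port without an owner match is treated as
# the catch-all, and a blanket loopback ACCEPT ahead of it counts as a bypass.
audit_controlport() {
    awk -v user="$1" -v port="$2" '
        blocked { next }                  # rules after the catch-all never match
        /-o lo / && /-j ACCEPT/ && !/--dport/ { bad = 1; next }
        $0 !~ ("--dport " port "( |$)") { next }
        /-j ACCEPT/ {
            if ($0 ~ ("--uid-owner " user "( |$)")) allowed = 1
            else bad = 1                  # another account can reach the port
            next
        }
        /-j (REJECT|DROP)/ && !/--uid-owner/ { blocked = 1 }
        END { exit !(allowed && blocked && !bad) }
    '
}

case "${1:-print}" in
    print) controlport_rules "$CONTROL_USER" "$CONTROL_PORT" ;;
    apply) # needs root; word splitting of $rule is intentional
        controlport_rules "$CONTROL_USER" "$CONTROL_PORT" |
            while read -r rule; do iptables $rule; done ;;
    audit) # iptables -S prints the owner as a numeric uid
        iptables -S OUTPUT |
            audit_controlport "$(id -u "$CONTROL_USER")" "$CONTROL_PORT" ;;
esac
```

If the ControlPort also listens on ::1, the same pair of rules is needed in ip6tables.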