Tor + SELinux sandbox = leak proof without VM overhead?

coderman coderman at gmail.com
Sun Aug 29 22:14:26 UTC 2010


On Sat, Aug 28, 2010 at 3:25 PM, intrigeri <intrigeri at boum.org> wrote:
> ...
> Another "cost" mentioned by coderman was "elevated privs for
> accelerated virtualization / para-virtualization". AFAIK VirtualBox
> does not need any special privileges (once the kernel part of the
> software is installed, and the modules/services loaded).

the loading / configuring of kernel module part is one elevated task.

route table changes / altering iptables rules and chains*, many other
such things require elevated privileges.
there are often host facilities to permit specific use of valid
settings, and rsbac constraints, lots of other mitigation
techniques...

if you give up acceleration and do full softmmu / user only and
constrained device emulation you can still have a guest / least
privilege virtual machine, but the overhead is significant.
fortunately fast virtio devices are become common across both
userspace only and accelerated virtual machine implementations.

i also like livecd as you mention, and qubes on live fedora is a nice
setup, perhaps coupled with HTTPS-Fuse on-demand pre-caching file
system overlays... many many different combinations and techniques to
complement and fit a particular need. the limiting factor is time to
explore them all and their relative
strengths/weaknesses/trade-off's...

http://unit.aist.go.jp/itri/knoppix/http-fuse/index-en.html

http://qubes-os.org/Architecture.html

* i call this out specifically because you need extend beyond the
basic VirtualBox / Qemu / VMWare settings associated with the common
bridge, nat, host-only network devices and implement host level
routing protections; otherwise you're exposed to a number of potential
side channel and other attacks listed in the FAQ and elsewhere.
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/



More information about the tor-talk mailing list