[tor-talk] torjail - run programs in tor network namespace

bic bicno at autistici.org
Mon Jul 23 07:51:53 UTC 2018


I want to share a project made in _to hacklab.


We would like to have some feedback about the project; in particular, if you
find some way to deanonymize a program running in torjail, please submit
an issue!

[from readme]

# Why

We've tried to deanonymize a program executed in a torsocks environment and
that was not so difficult, as torsocks uses LD_PRELOAD, so you only need to
statically compile your stuff. As Whonix is sometimes too much, the idea is
to experiment with Linux namespaces and learn by doing something useful
(at least for us).

# How it works

It creates a separate network namespace (using ip netns) with its own
network interface and a link to the host interface, with some iptables rules
(on the host) that force traffic generated from inside torjail to only exit via
tor (including DNS).
Inside torjail you'll be in another pid namespace (this way you cannot
switch namespace), and another mount namespace (we use this to show a
different /etc/resolv.conf).

# Firejail support

We support a nice `-f` flag to use firejail in pair with torjail as a
security sandbox.

Good bye!
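
The design under "How it works", as an added sketch that is not part of the original post and is not torjail's own code: a veth pair into a network namespace, host iptables rules that redirect DNS and TCP from the jail to tor and drop everything else, and a launcher that adds pid and mount namespaces. The namespace name, interface names, addresses, ports and `JAIL_USER` are assumptions, and the script only prints its commands unless `DRY_RUN=0`.

```shell
#!/bin/sh
# Added sketch of the design described above; not torjail's own script.
# Every name, address and port here is an assumption chosen for the example.
NS=jail HOST_IF=veth-host JAIL_IF=veth-jail
HOST_IP=10.200.1.1 JAIL_IP=10.200.1.2
TRANS_PORT=9040 DNS_PORT=5353      # tor must set TransPort/DNSPort on HOST_IP
JAIL_USER=${SUDO_USER:-nobody}     # unprivileged user the jailed program runs as

# Print each command by default; run it for real (as root) only with DRY_RUN=0.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

setup_netns() {
    run ip netns add "$NS"
    run ip link add "$HOST_IF" type veth peer name "$JAIL_IF"
    run ip link set "$JAIL_IF" netns "$NS"
    run ip addr add "$HOST_IP/24" dev "$HOST_IF"
    run ip link set "$HOST_IF" up
    run ip netns exec "$NS" ip addr add "$JAIL_IP/24" dev "$JAIL_IF"
    run ip netns exec "$NS" ip link set "$JAIL_IF" up
    run ip netns exec "$NS" ip link set lo up
    run ip netns exec "$NS" ip route add default via "$HOST_IP"
    # "ip netns exec" bind-mounts this file over /etc/resolv.conf inside the jail.
    run mkdir -p "/etc/netns/$NS"
    run sh -c "echo nameserver $HOST_IP > /etc/netns/$NS/resolv.conf"
}

host_rules() {   # assumes no earlier ACCEPT rule on the host matches $HOST_IF
    # DNS and new TCP connections from the jail are rewritten to tor's listeners.
    run iptables -t nat -A PREROUTING -i "$HOST_IF" -p udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT"
    run iptables -t nat -A PREROUTING -i "$HOST_IF" -p tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"
    # After NAT only those two ports are accepted; everything else is dropped.
    run iptables -A INPUT -i "$HOST_IF" -p udp --dport "$DNS_PORT" -j ACCEPT
    run iptables -A INPUT -i "$HOST_IF" -p tcp --dport "$TRANS_PORT" -j ACCEPT
    run iptables -A INPUT -i "$HOST_IF" -j DROP
    # Nothing from the jail is ever routed to another interface, v4 or v6.
    run iptables -A FORWARD -i "$HOST_IF" -j DROP
    run ip6tables -A INPUT -i "$HOST_IF" -j DROP
    run ip6tables -A FORWARD -i "$HOST_IF" -j DROP
}

# Run a program in the jail's network namespace plus fresh pid and mount namespaces.
jail_exec() {
    run ip netns exec "$NS" unshare --pid --fork --mount-proc sudo -u "$JAIL_USER" -- "$@"
}
```

Applied as root with `DRY_RUN=0`, the order is `setup_netns`, `host_rules`, then `jail_exec <program>`; tor itself needs `TransPort 10.200.1.1:9040` and `DNSPort 10.200.1.1:5353` in its torrc for the redirects to land on a listener.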