Re: [Tails-dev] Tails 0.14 rc1 virtualization testing & howt…

Delete this message

Reply to this message
Autor: anonym
Data:  
A: The Tails public development discussion list
Assumpte: Re: [Tails-dev] Tails 0.14 rc1 virtualization testing & howto install virtualbox and vmplayer
29/10/12 01:30, adrelanos wrote:
> anonym:
>>> * Allows stronger enforcement of tor-only connections, an attacker must
>>>> break out of a virtual machine, in addition to previous steps taken. A VM
>>>> can be configured to only be able to send traffic through the tor process
>>>> running on the host machine.
>> Sure, but to configure the applications in the guest to use the host's
>> Tor is non-trivial for most users (and would require us to make Tor's
>> ports listen on more than localhost). I'd like a way so a whole VM is
>> Torified without additional configuration inside the VM. Here's some an
>> article one can find inspiration from:
>>
>> <http://www.howtoforge.com/how-to-set-up-a-tor-middlebox-routing-all-virtualbox-virtual-machine-traffic-over-the-tor-network>
>>
>> (Added to the todo item)
>>
>
> What about identity corelation since all VM traffic would go through a
> single Tor socks port?


In this setup the VMs' traffic would be redirected to a dedicated Tor
TransPort via netfilter, so we could just set IsolateDestAddr on that
TransPort. It's perhaps not ideal, but I think I prefer that to
requiring users to make sane choices about which SocksPort:s to use.

Cheers!