Re: [Tails-dev] Tails 0.14 rc1 virtualization testing & howt…

Borrar esta mensaxe

Responder a esta mensaxe
Autor: anonym
Data:  
Para: The Tails public development discussion list
Asunto: Re: [Tails-dev] Tails 0.14 rc1 virtualization testing & howto install virtualbox and vmplayer
29/10/12 19:54, adev@??? wrote:

>> IIRC, VirtualBox host software sets iptables/netfilter up in a way
>> that makes the guest system bypass the existing firewall / or be
>> blocked by it, so some care should be taken on this side.
>
> One idea is to use host-only networking in the virtualbox guest, and the
> apps in the guest can connect to appropriate socks-port(s) on the hosts
> host-only adapter


Sure, a host-only adapter probably make this easier than the bridged
setup described in the link.

> Bridge mode is the problem, it would be worth checking if the amnesia user
> can leverage the virtualbox bridge kernel module/driver to bypass tor.
> This would violate tails design because currently the amnesia user is not
> allowed direct internet access.


This is interesting and certainly needs to be investigated further
(added to todo item). My initial testing shows that, indeed, bridged
adapters bypass the host's firewall.

> Bridge mode and NAT support could simply be left out alltogether from
> tails, any drivers deleted/not-installed


Allowing NAT is at least not a leaking-related problem since the NAT:ed
traffic appears "normally" in the host OS, so in Tails it will be caught
by the firewall.

> If the kernel modules for bridge and NAT adapters is left out of tails,
> that would leave only the host-only networking adapter.


vboxnetflt is used for bridged adapters, but host-only adapters requries
*both* vboxnetadp and vboxnetflt to be loaded.