Re: [Tails-dev] VirtualBox host software vs. networking [Was…

このメッセージを削除

このメッセージに返信
著者: adev
日付:  
To: The Tails public development discussion list
題目: Re: [Tails-dev] VirtualBox host software vs. networking [Was: Tails 0.14 rc1 virtualization testing & howto install virtualbox and vmplayer]
> Hi,
>
> adev@??? wrote (01 Nov 2012 17:55:42 GMT) :
>>>>> IIRC, VirtualBox host software sets iptables/netfilter up in a way
>>>>> that makes the guest system bypass the existing firewall / or be
>>>>> blocked by it, so some care should be taken on this side.
>>>>
>>>> One idea is to use host-only networking in the virtualbox guest, and
>>>> the
>>>> apps in the guest can connect to appropriate socks-port(s) on the
>>>> hosts
>>>> host-only adapter
>>>
>>> Sure, a host-only adapter probably make this easier than the bridged
>>> setup described in the link.
>
>> And more secure
>
>>>> Bridge mode is the problem, it would be worth checking if the amnesia
>>>> user
>>>> can leverage the virtualbox bridge kernel module/driver to bypass tor.
>>>> This would violate tails design because currently the amnesia user is
>>>> not
>>>> allowed direct internet access.
>>>
>>> This is interesting and certainly needs to be investigated further
>>> (added to todo item). My initial testing shows that, indeed, bridged
>>> adapters bypass the host's firewall.
>
>> I suspect that the answer is Yes, by default the amnesia user can use
>> the
>> bridge adapter to bypass the host firewall, unless we do something to
>> stop
>> this
>
>>>> Bridge mode and NAT support could simply be left out alltogether from
>>>> tails, any drivers deleted/not-installed
>>>
>>> Allowing NAT is at least not a leaking-related problem since the NAT:ed
>>> traffic appears "normally" in the host OS, so in Tails it will be
>>> caught
>>> by the firewall.
>>>
>>>> If the kernel modules for bridge and NAT adapters is left out of
>>>> tails,
>>>> that would leave only the host-only networking adapter.
>>>
>>> vboxnetflt is used for bridged adapters, but host-only adapters
>>> requries
>>> *both* vboxnetadp and vboxnetflt to be loaded.
>
>> That is unfortunate, I'm sure we'll think of some way to fix the problem
>> though
>
> I'd like to see todo/add_virtualbox_host_software move forward,
> and I fear it's currently blocked due to needlessly high goals.
>
> Assuming one can just delete these few networking drivers file to
> disable network support altogether, without breaking anything else,
> how about, as a first iteration, we ship VirtualBox host software
> without networking support at all?
>
> I think this would at least satisfy the "I want to use InDesign on
> Windows on Tails to produce a leaflet" usecase, and at least be the
> first step towards more involved usecases like the one adev had
> in mind.
>
> What do you think?
>
> Cheers,
> --
> intrigeri
> | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
> | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
> _______________________________________________
> tails-dev mailing list
> tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
>



I think it is great to have good milestones like this being reached before
working on more complex usecases. Shipping virtualization would be a big
and useful milestone



I am also researching QEMU. I have a question about virtualbox as
adrelanos said host-only networking requires both the vboxnetadp and
vboxnetflt kernel modules to be inserted.

Does this mean virtualbox will never support host-only networking without
also allowing the amnesia user to bypass the iptables rules enforcing
tor-only network access, (without oracle changing virtualbox or editing
the kernel modules ourselves)



QEMU appears to by default not require any kernel modules, and to use
NAT-like networking which should not bypass the iptables tor-enforcement

QEMU looks like network access can be controlled more for a non-root user

I will research QEMU more and post back