Re: [Tails-dev] VirtualBox host software vs. networking [Was…

Author: adev
Date:  
To: The Tails public development discussion list
New-Topics: [Tails-dev] Bridge Firewall Was: Re: VirtualBox host software vs. networking [Was: Tails 0.14 rc1 virtualization testing & howto install virtualbox and vmplayer]
Subject: Re: [Tails-dev] VirtualBox host software vs. networking [Was: Tails 0.14 rc1 virtualization testing & howto install virtualbox and vmplayer]
> adev@???:
>> I have a question about virtualbox as
>> adrelanos said host-only networking requires both the vboxnetadp and
>> vboxnetflt kernel modules to be inserted.
>
> anonym said so. :)


My mistake, adrelanos. I really like your multi-machine design of Whonix. I
think since Tails now supports bridges and obfsproxy, then someone one day
may implement a hardened firewall CD that runs in front of Tails, and
allows only traffic to the bridges the user has specified.

This would stop an attacker from learning the Tails machine's real IP even
if they gained root on the machine, unless they could use a *rare* exploit
against iptables or pf on the firewall machine (or some other attack).

A multi-machine setup may be less coding work for developers than setting
up virtualization, and be more secure.




I have read people asking how to disable bridge adapters in VirtualBox but
enable host-only networking, and I think the answer is no: you cannot
disable bridge adapter functionality in the kernel being available to the
user's UID without altering VirtualBox source code. I don't have time to
research this fully right now, so I cannot guarantee this answer. I have
asked on the VirtualBox mailing list.



For this reason, QEMU may be better for the two-layered virtualized system
goal at https://tails.boum.org/todo/Two-layered_virtualized_system/
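
The "firewall in front of Tails that allows only traffic to the specified bridges" idea from the message above, as an added sketch that is not part of the original post or of Tails: a shell function that turns bridge lines into a default-deny iptables rule set for a separate routing firewall. The torrc-style `Bridge` line format as input, IPv4-only handling, the interface names and the function name `gen_bridge_rules` are assumptions; the addresses are constructed documentation-range values.

```shell
#!/bin/sh
# Added illustration (hypothetical helper, not Tails or Whonix code).
# Prints iptables commands for a standalone firewall box that forwards
# traffic from the Tails machine only to user-specified Tor bridges.
# Assumed input: torrc-style "Bridge [transport] IP:PORT [fingerprint]" lines.

# gen_bridge_rules LAN_IF WAN_IF   (bridge lines on stdin, rules on stdout)
gen_bridge_rules() {
    lan_if=$1   # interface facing the Tails machine
    wan_if=$2   # interface facing the upstream network
    # Default-deny: the firewall box itself neither accepts nor originates
    # traffic, and forwards nothing that is not allowed below.
    echo "iptables -P INPUT DROP"
    echo "iptables -P OUTPUT DROP"
    echo "iptables -P FORWARD DROP"
    # Replies to connections that Tails opened towards an allowed bridge.
    echo "iptables -A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    while read -r keyword rest; do
        case $keyword in
            Bridge|bridge) ;;
            *) continue ;;            # comments and other torrc options
        esac
        addr=
        for field in $rest; do        # skip an optional transport name
            case $field in
                *.*.*.*:*) addr=$field; break ;;
            esac
        done
        ip=${addr%:*}
        port=${addr##*:}
        # Reject anything that is not a plain dotted address and numeric port,
        # so a malformed line can never widen the rule set.
        case $ip in ''|*[!0-9.]*) continue ;; esac
        case $port in ''|*[!0-9]*) continue ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || continue
        echo "iptables -A FORWARD -i $lan_if -o $wan_if -p tcp -d $ip --dport $port -j ACCEPT"
    done
}

# Constructed sample input (documentation-range addresses, not real bridges).
gen_bridge_rules eth1 eth0 <<'EOF'
Bridge 192.0.2.10:443
Bridge obfs2 198.51.100.7:9001
EOF
```

The function only prints the commands, so the rule set can be reviewed before it is loaded on the firewall machine.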