On Tue, Sep 29, 2009 at 03:29:01AM -0400, grarpamp wrote:

> If you want to be safe from whatever random app fires [or you fire] up,
> and all their various requests... run in/behind/under some form of network
> sandbox that catches all traffic and shoves it through Tor or sinks it.

Most decent operating systems these days come bundled with virtualization solutions, from heavy-weight (Xen, KVM) to lightweight (containers, OpenVZ, VServer). What is needed is packaging the browser/proxy/Tor into such guests, leaving only the I/O to the host. It would probably also be good if one reverts to a clean/known good snapshot after each new start, and/or comes bundled with IDS. Such guests should come as appliances, or at least be easy enough to instantiate with a script, or a few commands. It would still be possible to compromise the host, but it would be much harder, and perhaps require manual intervention, making compromise slower, and easier to detect.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE