Keeping the full quote to share it on qubes-devel.
William Budington:
> Hey all,
>
> I'm using whonix from within Qubes. I'm trying to find a way to
> remove the tor ports as an attack surface from the whonix-ws while
> still maintaining circuit isolation for applications run within
> workstations. Currently, I see that the tor ports are forwarded from
> the whonix-gw via rinetd.
>
> Possible solution: a piece of software intended to be used on
> whonix-gw which opens one network interface per circuit, and
> provisions an arbitrary number of VMs with circuit-isolated,
> transparently torified connections without exposing the tor
> socks/control ports to them. That way you could run one application
> per VM which is on an isolated circuit, but has no access to the tor
> ports. Does anything like this currently exist?
>
> Obviously this would be a bad solution for the Tor Browser, which
> relies on access to the tor ports to do per-tab isolation. But I
> figure it would be an okay solution for other applications that do
> not rely on such hands-on circuit control.
>
> -Bill
Now my answers inside.
William Budington:
> Does anything like this currently exist?
tun2socks?
> I'm using whonix from within Qubes. I'm trying to find a way to
> remove the tor ports as an attack surface from the whonix-ws while
> still maintaining circuit isolation for applications run within
> workstations.
> Currently, I see that the tor ports are forwarded from
> the whonix-gw via rinetd.
re rinetd: Only those used by Tor Browser (and torchat). Other open Tor
ports on Whonix-Gateway (such as for HexChat) are under the current
implementation directly talked to.
(Not that it matters much for the sake of this subject: When you upgrade
Whonix-Workstation, anon-ws-disable-stacked-tor was migrated to socat.)
> Possible solution: a piece of software intended to be used on
> whonix-gw which opens one network interface per circuit,
It's an interesting idea.
So the application talks to a virtual network interface directly rather
than directly to a Tor SocksPort?
- Then this virtual network interface would eventually talk to a Tor
SocksPort?
- Okay, if I got that right, the application couldn't try to exploit a
bug in Tor's socks implementation. So the tun2socks application would
have to be more resistant against exploitation than Tor's socks code?
Eventually we use something like this [1] to configure specific
applications to specific virtual network interfaces?
> and
> provisions an arbitrary number of VMs with circuit-isolated,
> transparently torified connections without exposing the tor
> socks/control ports to them. That way you could run one application
> per VM which is on an isolated circuit, but has no access to the tor
> ports.
Hm. Alternatively it would be possible to configure Whonix-Gateway's
firewall to disallow any socksified traffic.
If you like to look into that:
whonix-gw Template: /etc/whonix_firewall.d/50_user.conf or
sys-whonix: /rw/config/whonix_firewall.d/50_user.conf
WORKSTATION_ALLOW_SOCKSIFIED=0
(reload Whonix firewall 'sudo whonix_firewall' in sys-whonix or reboot)
[Of course also possible to make more fine tuned changes such as
disabling only specific SocksPorts...]
Disable stream isolation per application or globally, see [2]. I.e.
configure the application you want to use to use transparent
torification. [Which is the default, unless the application is
configured by Whonix default to use a Tor SocksPort. See list. [3].]
Multiple Whonix-Workstations using transparent proxying in Qubes-Whonix are
already easily automatically stream isolated from each other because
they have different client IP addresses and Tor by default uses
IsolateClientAddr.
You'd end up with your application-A in an anon-whonix-one, that is using
transparent proxying and your application-B in anon-whonix-two.
anon-whonix-one and anon-whonix-two would be stream isolated
(IsolateClientAddr). Both stream isolated from each other. No Tor
SocksPort usage involved.
[Some things would have to be sorted out such as sdwdate time
synchronization but I also have an idea here that I can specify if this
is of interest.]
It isn't the default implementation because in Qubes we are not so much
considering to run one VM per application, but one VM per security
domain (e.g., "work," "personal," "banking," etc.) (multiple
applications per VM). And we wouldn't want to funnel all traffic from a
whole domain into the same Tor circuit.
> Obviously this would be a bad solution for the Tor Browser, which
> relies on access to the tor ports to do per-tab isolation.
(Tor Browser just talks to only a single Tor SocksPort. [And in the next
major version 6.5 it talks to a single unix domain socket.]) [Tor
Browser by tab isolates by (ab)using socks user auth.]
> But I
> figure it would be an okay solution for other applications that do
> not rely on such hands-on circuit control.
Certainly interesting to discover.
Best regards,
Patrick
[1]
http://superuser.com/questions/241178/how-to-use-different-network-interfaces-for-different-processes
[2] /wiki/Stream_Isolation/Disable_Easy
[3] /wiki/Stream_Isolation#List
[4] https://www.qubes-os.org/getting-started/
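As an added illustration (not code from Whonix or Tor), here is a small Python model of Tor's default stream isolation rules: it shows why two transparently torified Workstations are already isolated by IsolateClientAddr while two applications in the same VM share a circuit, why Tor Browser tabs separate via SOCKS auth, and how WORKSTATION_ALLOW_SOCKSIFIED=0 removes the SocksPort path. The addresses, ports, and firewall behaviour are constructed, simplified assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Stream:
    listener: str                     # Tor listener the stream arrived on
    client_addr: str                  # source IP Tor sees (the Workstation's IP)
    socks_user: Optional[str] = None  # SOCKS username; None for TransPort traffic
    dest: str = ""                    # destination host (not part of the default key)

@dataclass
class IsolationPolicy:
    # Tor defaults: IsolateClientAddr and IsolateSOCKSAuth are on, and each
    # listener forms its own session group (listeners never share circuits).
    isolate_client_addr: bool = True
    isolate_socks_auth: bool = True

    def key(self, s: Stream) -> Tuple:
        """Streams with equal keys are allowed to share a circuit."""
        parts: List[Optional[str]] = [s.listener]
        if self.isolate_client_addr:
            parts.append(s.client_addr)
        if self.isolate_socks_auth:
            parts.append(s.socks_user)
        return tuple(parts)

def whonix_firewall(streams: List[Stream], allow_socksified: bool) -> List[Stream]:
    """Simplified model of WORKSTATION_ALLOW_SOCKSIFIED: with 0, only TransPort traffic passes."""
    if allow_socksified:
        return list(streams)
    return [s for s in streams if s.listener.startswith("TransPort")]

def assign_circuits(streams: List[Stream],
                    policy: Optional[IsolationPolicy] = None) -> Dict[Stream, int]:
    """Map each stream to a circuit number; equal isolation keys share one circuit."""
    policy = policy or IsolationPolicy()
    circuits: Dict[Tuple, int] = {}
    return {s: circuits.setdefault(policy.key(s), len(circuits) + 1) for s in streams}

# Constructed scenario: placeholder addresses and ports, not Whonix's real values.
APP_A  = Stream("TransPort:9040", "10.137.1.10")                     # anon-whonix-one
APP_B  = Stream("TransPort:9040", "10.137.1.11")                     # anon-whonix-two
APP_A2 = Stream("TransPort:9040", "10.137.1.10", dest="other")       # second app, same VM
TAB_1  = Stream("SocksPort:9150", "10.137.1.10", socks_user="tab1")  # Tor Browser tab
TAB_2  = Stream("SocksPort:9150", "10.137.1.10", socks_user="tab2")  # another tab

def scenario(allow_socksified: bool) -> Dict[Stream, int]:
    streams = whonix_firewall([APP_A, APP_B, APP_A2, TAB_1, TAB_2], allow_socksified)
    return assign_circuits(streams)
```

With socksified traffic allowed, the two Workstations and the two browser tabs each land on their own circuit, but the second application in anon-whonix-one shares APP_A's circuit, which is the "whole domain in one circuit" concern from the reply.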