Re: [Help-gnunet] Security sandboxing of Gnunet

help-gnunet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnunet] Security sandboxing of Gnunet

From:	Christian Grothoff
Subject:	Re: [Help-gnunet] Security sandboxing of Gnunet
Date:	Thu, 28 May 2015 00:24:34 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.6.0

Good point. So if you wanted to use the VPN or enable GNS via DNS
traffic interception using iptables, you'll need to have a sandbox that
is capable of giving the sandboxed process still rather broad
capabilities over the host OS so that it can do the required network
operations (like intercepting all DNS traffic exiting your system).

So again, sandboxing good, tricky to do right depending on the specific
GNUnet service you plan to sandbox (and the specific sandbox tech).

On 05/27/2015 05:44 PM, Sree Harsha Totakura wrote:
> Some services like the VPN, create a TUN device.  I guess this could be
> problematic when the sandboxed.

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnunet] Security sandboxing of Gnunet, Geeb, 2015/05/27
- Re: [Help-gnunet] Security sandboxing of Gnunet, Sree Harsha Totakura, 2015/05/27
  - Re: [Help-gnunet] Security sandboxing of Gnunet, Christian Grothoff <=
    - Re: [Help-gnunet] Security sandboxing of Gnunet, Geeb, 2015/05/28
- Re: [Help-gnunet] Security sandboxing of Gnunet, Christian Grothoff, 2015/05/27

Prev by Date: Re: [Help-gnunet] Security sandboxing of Gnunet
Next by Date: [Help-gnunet] cc
Previous by thread: Re: [Help-gnunet] Security sandboxing of Gnunet
Next by thread: Re: [Help-gnunet] Security sandboxing of Gnunet
Index(es):
- Date
- Thread