[guardian-dev] Tor isolating proxy - or how to prevent "friendly fire"
daniel at binaryparadox.net
Wed Jan 8 15:44:53 EST 2014
This might be a place where an SELinux/SEAndroid policy could help.
I.e. something like
Throwing this out there as a potential idea, I have no idea how hard it
would be to implement or what the state of SEAndroid deployment is.
Haven't put a lot of thought into this :-)
On 08/01, Richard Z wrote:
> On Wed, Jan 08, 2014 at 08:18:21PM +0100, Timur Mehrvarz wrote:
> > Nobody wants to answer this. Is this because background leakage is just
> > hard to solve? Or is there something wrong with how I perceive this to
> > be a problem?
> it is hard to solve. 2 things that my be handy come to my mind:
> * on a low enough level you can specify iptables rules based on process or group id
> * you could run 2 proxies, one for normal apps and a special one for
> tor apps - and configure the "unprivileged" one to block/delay all
> requests when needed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 487 bytes
Desc: not available
More information about the Guardian-dev