[guardian-dev] Tor isolating proxy - or how to prevent "friendly fire"

Daniel McCarney daniel at binaryparadox.net
Wed Jan 8 15:44:53 EST 2014


This might be a place where an SELinux/SEAndroid policy could help.

I.e. something like
http://securityblog.org/2007/05/28/secure-networking-with-selinux/

Throwing this out there as a potential idea, I have no idea how hard it
would be to implement or what the state of SEAndroid deployment is.
Haven't put a lot of thought into this :-)

- Daniel

On 08/01, Richard Z wrote:
> On Wed, Jan 08, 2014 at 08:18:21PM +0100, Timur Mehrvarz wrote:
> > Nobody wants to answer this. Is this because background leakage is just
> > hard to solve? Or is there something wrong with how I perceive this to
> > be a problem?
> 
> it is hard to solve. 2 things that may be handy come to my mind:
> * on a low enough level you can specify iptables rules based on process or group id
> * you could run 2 proxies, one for normal apps and a special one for
>   tor apps - and configure the "unprivileged" one to block/delay all
>   requests when needed
> 
> Richard