Delivery-Date: Tue, 14 Apr 2015 18:24:07 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 4D6591E1275
	for <archiver@seul.org>; Tue, 14 Apr 2015 18:24:05 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 8681B329CC;
	Tue, 14 Apr 2015 22:23:59 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 68DD62E947
 for <tor-talk@lists.torproject.org>; Tue, 14 Apr 2015 22:23:56 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id vhiPPIHgb1He for <tor-talk@lists.torproject.org>;
 Tue, 14 Apr 2015 22:23:56 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 42F0620A63
 for <tor-talk@lists.torproject.org>; Tue, 14 Apr 2015 22:23:56 +0000 (UTC)
Received: from plantcutter.riseup.net (plantcutter-pn.riseup.net [10.0.1.121])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id 58CFB40E42
 for <tor-talk@lists.torproject.org>; Tue, 14 Apr 2015 22:23:53 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1429050233; bh=Lqk75ZV0jK//G8LHaqWnPTYeP0Ft+UTtJLyRPZiBBgs=;
 h=Date:From:To:Subject:References:In-Reply-To:From;
 b=orz62Uzn6JBBKqciwW1dv0S+RVNGel6+lVztyDhpBVSXQGEdB+W6l68iKK/Ox/V3n
 tb+5W13fBw/5lfW+y85TeUS0OpvS3OHpeMfIGu8PAJdk/l1n0L7gmLC0113JYa3IZV
 1oAgo32jmwwhpRkhn78uE5FfdZpyfAHy2dw5QUf8=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: mirimir) with ESMTPSA id 7ABC023B1A
Message-ID: <552D9377.5030805@riseup.net>
Date: Tue, 14 Apr 2015 16:23:51 -0600
From: Mirimir <mirimir@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <54E36CA2.9040504@mykolab.com> <5529BA28.30909@rawbw.com>
 <20150412064735.GA25987@inner.h.apk.li>
 <a6e97db5c897305c7dd655119c5eba57@riseup.net>
 <CAAgxajG9P07T0Ya_OyY4FS6ZO5HHBYQTYmttu34sp1oNseHL7A@mail.gmail.com>
 <3de2be9cc26c8e14281da15b6148681a@riseup.net> <552D8B97.3040407@rawbw.com>
In-Reply-To: <552D8B97.3040407@rawbw.com>
X-Virus-Scanned: clamav-milter 0.98.6 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] [tor-dev] Porting Tor Browser to the BSDs
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 04/14/2015 03:50 PM, Yuri wrote:
> On 04/14/2015 14:41, WhonixQubes wrote:
>>
>> I believe it is probably generally harder to break out of a virtual
>> machine than root a Linux distro, like Tails, because hypervisors have
>> a more limited attack surface compared to a full monolithic OS.
>>
>> If you use Qubes, then it is infinitely harder to root the host system.
> 
> 
> Can you describe the scenario how can somebody potentially break out of
> the virtual machine and root the host system, if VM is wired to connect
> only through tor?
> 
> Yuri

An adversary could install software in the Whonix workstation VM that
establishes an SSH connection to their machine. The SSH connection would
prevent the Tor process in the Whonix gateway VM from closing the
circuit. The adversary could then run exploits in the workstation VM
designed to gain host access.

If successful, it would be trivial to subvert the Whonix gateway VM.
That doesn't require root privileges. But they could also root the host,
and install software in host that establishes an SSH connection to their
machine. Access then wouldn't depend on Whonix.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

