On 1 May 2013 15:29, David Vorick <[email protected]> wrote: > I don't know what I'm talking about, but here goes: > > If you were to put flash in a "sandbox" that had a fake IP address, might > that make the sandbox incompatible with the tor network? When you are > communicating, even over the tor network, your IP address is critical so > that servers on the other end know where to send messages. That means that > at the very least you have to know your own IP address. If the flash > sandbox had a false address, the network might reject communication > altogether, or it might simply be unable to return the messages to the > right spot. > > Am I incorrect?
Well, when anyone from outside the Tor project talks about sandboxing flash, they're talking about restricting the system calls it can make, restricting it from touching files on disk, spawning processes - real sandbox stuff. That's what Mozilla is after with Shumway. That's what Chrome is/was after with their sandbox. Tor is afraid of Flash for three reasons as I see it: it's buggy (see my previous sentence), it can read your IP address, and (I believe) it can or can be made to make requests that circumvent a configured proxy that would leak your external IP to whatever you connect to (assumed to be an attacker). And when I say proxy, you can read "Tor". If Flash is running on a machine with a RFC1918 IP (192.168.x.x, 10.x.x.x, etc) then knowing the IP doesn't help. But it can still make a proxy-circumventing request. Putting Flash in a VM and restricting the VM from making any request except through the proxy (or routing all requests through the proxy) alleviates that concern. -tom _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
