Re: [Help-gnunet] Security sandboxing of Gnunet

help-gnunet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnunet] Security sandboxing of Gnunet

From:	Sree Harsha Totakura
Subject:	Re: [Help-gnunet] Security sandboxing of Gnunet
Date:	Wed, 27 May 2015 17:44:29 +0200
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0

On 05/27/2015 05:20 PM, Geeb wrote:
> Would there be any mileage in a security sense, in running gnunet processes
> in a sandboxed environment like Firejail? Either at host level or user
> level?
> 
> https://l3net.wordpress.com/projects/firejail/

I think you are safe if you run GNUnet as a separate user.  So, in this
case it doesn't add much if you are sandboxing at a host level.

> Would there be any obvious drawbacks?

GNUnet services is designed to be run under a system user.  The services
could be accessed by normal users via TCP/UNIX sockets.  When sandboxed,
the sandbox could interfere with who is allowed access to the services.
 If the sandbox permits this, it shouldn't be a problem.

Some services like the VPN, create a TUN device.  I guess this could be
problematic when the sandboxed.

Regards,
Sree

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnunet] Security sandboxing of Gnunet, Geeb, 2015/05/27
- Re: [Help-gnunet] Security sandboxing of Gnunet, Sree Harsha Totakura <=
  - Re: [Help-gnunet] Security sandboxing of Gnunet, Christian Grothoff, 2015/05/27
    - Re: [Help-gnunet] Security sandboxing of Gnunet, Geeb, 2015/05/28
- Re: [Help-gnunet] Security sandboxing of Gnunet, Christian Grothoff, 2015/05/27

Prev by Date: [Help-gnunet] Security sandboxing of Gnunet
Next by Date: Re: [Help-gnunet] Security sandboxing of Gnunet
Previous by thread: [Help-gnunet] Security sandboxing of Gnunet
Next by thread: Re: [Help-gnunet] Security sandboxing of Gnunet
Index(es):
- Date
- Thread