protecting/hiding IP from application

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Moderators: spender, PaX Team

protecting/hiding IP from application

Postby imnih » Sat Mar 31, 2012 11:27 pm

Not your typical threat model but when using an "anonymizer" such as Tor protecting the IP address is a top priority. I know that full OS virtualization can provide additional layers of defense but it also adds much code, complexity and maintenance overhead.

Do you think a more lightweight approach using MAC/RBAC is possible?

The goal is that an adversary who exploited an application (e.g. web browser) needs at least another exploit or "sandbox escape" to even determine the "real" IP. Firewalling the application is not enough, if it can be leaked over allowed channels that would still result in a compromise.

discussion about that here: ... es-fast-er
Posts: 2
Joined: Sat Mar 31, 2012 10:56 pm

Return to grsecurity support