Marek Marczykowski-Górecki:
> On Wed, Aug 17, 2016 at 01:42:36AM -0700, nekroze.law...@gmail.com wrote:
>
>>> In any case, if you put Fedora-based VM behind sys-whonix, and set it as
>>> UpdateVM, it should work.
>
>> That does indeed seem to fix the problem. Is there a reason why the whonix
>> setup choice that uses whonix for dom0 updates not also build an update vm
>> that uses sys-whonix and is based off of fedora?
>
> Basic actions (install updates, new packages) should work in this setup
> and it saves some RAM (no need for additional VM in addition to
> sys-whonix).

Seems to me that an attack could be constructed where the Tor exit used for update downloads feeds sys-whonix an exploit, and from there is able to either break out of Tor, or compromise Tor in some way that may affect other VMs' anonymity. Granted, this is a fairly lousy attack as attacks go, but isn't the entire point of Whonix that nothing is supposed to run inside the Whonix gateway except Tor?

Cheers,
-Jeremy Rand