On Thu, Sep 26, 2019 at 10:09:04AM -0500, Sven Semmler wrote:
My understanding is that Tor actually runs in the gateway and the workstation(s) enable typical Qubes-style compartmentalization, meaning that if app-anon-1 is compromised, sys-whonix and a potential app-anon-2 are not. When I create a second sys-whonix-id I can see via the Tor control panel that it uses different Onion circuits than the first instance.

Would it be recommended to use a separate sys-whonix gateway for applications where one needs to expose the Tor ControlPort to AppVMs? While the ControlPort would be protected by a password (this is mandatory for non-local access), it seems conceivable that either:

a) the AppVM that has legitimate access (and the password) to the ControlPort might get compromised, or
b) another AppVM (without legitimate access or the password) might be used to exploit a vulnerability in the exposed ControlPort.

A second sys-whonix gateway for this situation would seem to reduce the vulnerability. Or maybe I am just being paranoid?

--
To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20191001025926.GA1477%40danwin1210.me.
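The password protection discussed above is Tor's HashedControlPassword mechanism. The following is an added example, not code from the thread, Tor, Whonix or Qubes: it re-implements the hash format that `tor --hash-password` emits (RFC 2440 iterated-and-salted S2K over SHA-1, `16:` + 8-byte salt + the 0x60 count byte + 20-byte digest, all hex), verifies a password against such a line in constant time, and simulates the AUTHENTICATE exchange on the ControlPort in memory so it runs offline. The sample password, the fixed salt used in the demo and the reply text after the 514/515/250 codes are assumptions; the hash format and the reply codes follow the Tor control protocol.

```python
"""Tor ControlPort password authentication, worked end to end (added example)."""
import hashlib
import hmac
import os

S2K_INDICATOR = 0x60   # the iteration-count byte Tor writes after the salt
S2K_SALT_LEN = 8
DIGEST_LEN = 20        # SHA-1


def s2k_count(indicator=S2K_INDICATOR):
    """RFC 2440 decoding of the one-byte iteration count (0x60 -> 65536 bytes)."""
    return (16 + (indicator & 15)) << ((indicator >> 4) + 6)


def s2k_digest(password, salt, indicator=S2K_INDICATOR):
    """SHA-1 over (salt || password) repeated until `count` bytes have been fed."""
    count = s2k_count(indicator)
    salted = salt + password
    full, rem = divmod(count, len(salted))
    return hashlib.sha1(salted * full + salted[:rem]).digest()


def hash_control_password(password, salt=None):
    """Value for a `HashedControlPassword` torrc line, as `tor --hash-password` prints it."""
    salt = os.urandom(S2K_SALT_LEN) if salt is None else salt
    if len(salt) != S2K_SALT_LEN:
        raise ValueError("salt must be 8 bytes")
    digest = s2k_digest(password.encode(), salt)
    return "16:" + (salt + bytes([S2K_INDICATOR])).hex().upper() + digest.hex().upper()


def verify_control_password(password, hashed):
    """Check a password against a HashedControlPassword value; constant-time compare."""
    expected_len = 3 + 2 * (S2K_SALT_LEN + 1 + DIGEST_LEN)
    if not hashed.startswith("16:") or len(hashed) != expected_len:
        return False
    try:
        raw = bytes.fromhex(hashed[3:])
    except ValueError:
        return False
    salt, indicator, expected = raw[:S2K_SALT_LEN], raw[S2K_SALT_LEN], raw[S2K_SALT_LEN + 1:]
    actual = s2k_digest(password.encode(), salt, indicator)
    return hmac.compare_digest(actual, expected)


def _unquote(qs):
    """Decode the control-protocol QuotedString argument of AUTHENTICATE."""
    if len(qs) < 2 or qs[0] != '"' or qs[-1] != '"':
        raise ValueError("expected a double-quoted string")
    out, it = [], iter(qs[1:-1])
    for ch in it:
        if ch == "\\":            # \" and \\ are the escapes that matter here
            ch = next(it, "")
        out.append(ch)
    return "".join(out)


class ControlPortAuth:
    """Stand-in for the Tor side of the AUTHENTICATE step (assumed minimal behaviour)."""

    def __init__(self, hashed):
        self.hashed = hashed
        self.authenticated = False

    def handle(self, line):
        cmd, _, arg = line.rstrip("\r\n").partition(" ")
        if cmd.upper() != "AUTHENTICATE":
            return "514 Authentication required\r\n"
        try:
            ok = verify_control_password(_unquote(arg), self.hashed)
        except ValueError:
            ok = False
        if ok:
            self.authenticated = True
            return "250 OK\r\n"
        return "515 Authentication failed\r\n"


if __name__ == "__main__":
    hashed = hash_control_password("correct horse")   # sample password, constructed here
    print("HashedControlPassword", hashed)              # goes into the gateway's torrc
    gw = ControlPortAuth(hashed)
    for line in ['GETINFO version\r\n', 'AUTHENTICATE "wrong"\r\n', 'AUTHENTICATE "correct horse"\r\n']:
        print(repr(line.strip()), "->", gw.handle(line).strip())
```

The `HashedControlPassword` line is what belongs in the gateway's torrc; the clear-text password lives only in the AppVM that is meant to talk to the ControlPort, which is exactly why compromise of that AppVM (case a above) hands the attacker a working controller credential, while case b is limited to whatever the port accepts before `250 OK`.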