Fix onion-grater profile for Whonix #27
Conversation
Wahay sends an IP of 0.0.0.0 to ADD_ONION, which needs to be translated on the Whonix-Gateway to the Workstation IP. (This also reduces attack surface a bit.)
JeremyRand
force-pushed
the
onion-grater-whonix
branch
from
d9a7ab6
to
505e6a6
Compare
|
Thank you for the contribution. I'm feeling a little bit uncomfortable with the hard-coded ports, since these are only the default potrs and can easily change. It would also be great to have a test on Tails to make sure it works there, before merging. |
@olabiniV2 Are you saying the ports can change via run-time config changes, or via source code changes? onion-grater is in large part a sandboxing/hardening mechanism, so my preference is generally to make the profile as restrictive as possible without breaking functionality.
I don't have an easily accessible Tails machine but I'll see what I can do here. |
When running on Whonix-Workstation, Wahay sends an IP of
0.0.0.0toADD_ONION, which needs to be translated on the Whonix-Gateway to the Workstation IP. (This also reduces attack surface a bit.)Fixes #26 . I haven't tested this with Tails but I'd be surprised if it breaks anything there.