KVM shared folder security questions

The host being Arch Linux (latest) on ZFS.
The VM being the latest KVM download.
The shared folder feature has been turned on, for reasons of 1. convenience and 2. you actually said you recommend it for now :slight_smile:

So… when one goes and downloads something by using TBB, this warning pops-up:

Tor Browser cannot display this file. You will need to open it with another application.
Some types of files can cause applications to connect to the Internet without using Tor.
To be safe, you should only open downloaded files while offline, or use a Tor Live CD such as Tails.

My question being: will I be safe if I open my files, located on my host, shared folder - inside Whonix?
Any attack possible?

P.S. Thanks for existing, donated a bit, keep up the good job, Patrick and the team!

1 Like

By open I mean watch media(videos/images) and stuff.
I did read that metadata can be a OPSEC mistake.

That is a general warning popup. Unchanged in Whonix. Tor Browser does not get “aware” of Whonix and changes.


Opening files on the host is the worst. That’s what that warning would be for if using TBB on the host. Now, downloading files inside Whonix but then opening on the host also mostly waives any additional protections that Whonix might provide.

For better security:



If you’re opening files in the shared folder from inside the VM you should be safe. Make sure you have auto thumbnailing disabled because there were bugs in these image rendering libraries that are exploitable if you view the folder on the host with the filemanager. As for the new virtio-fs (which I won’t select as default) it has faster performance, but its reliance on host fuse makes me uneasy.

Aaaand I nominate you for the best answer xD thanks Patrick for trying, some people are better off where they belong - making awesome stuff :confused: I don’t blame you, I am like this myself… I mean bad with people.

“… you should be safe” - :d
Auto-thumbnailing dangerous? Thanks, all I need to do is just not go there.
goes there and views shit with a file manager lol

It would seem that you misunderstood what I was trying to ask… I meant opening them withing Whonix, and also downloading too, I guess…
I’d just let them be stored on my host machine well… for convenience reasons ya know? Permanent storage and shit can be both good and bad.

My answer applies to that. That table that was linked has links to this:


If these files aren’t processed or opened by anything [1], i.e. simple storage then the attack surface should be low.

Have you heard of specifically crafted files that can exploit filesystem / kernel / mv / cp vulnerabilities simply by copying/moving? Or in the shared folder implementation? //cc @madaidan
I didn’t yet.
This would also be a good question for security stackexchange and other places as per https://www.whonix.org/wiki/Free_Support_Principle since this is a general computer security question, unspecific to Whonix.

[1] Such as indexing services (example: kde baloo) / thumbnailing services / image preview in file managers / opening in image or pdf viewers.

Since I use a CLI file manager, I should be able to just set checks if I am in my directory, and if so - deny the preview of files.

Have you heard of specifically crafted files that can exploit filesystem / kernel / mv / cp vulnerabilities simply by copying/moving? Or in the shared folder implementation? //cc @madaidan

You got me scared there… until I read:

Yeah, mv/cp/rsync would be one of my main software utilities I’d be using, in some shell scripting.

Security stackexchange? Thank you very much for this and for … well… answering them non-the-less.

Please find a less JAVASCRIPT-DEPENDENT platform for community-driven questions&answers… it is necessary! Or at least that which does not require GOOGLE JS…

By the way, I see that files made (perhaps also modified) within the WW are, on the host machine, now belonging to the nobody:kvm. Should I recursively chown the whole share folder before firing up the WW to nobody:kvm? I did check inside the WW shared folder and it’s all just user:user, I believe.

The permissions command should always be applied recursively for best results.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]