[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Virtualbox setting

What are the security concerns when Bidirectional is set on Workstation?

What is the reason for I/O APIC is enabled?

What is optimal RAM (not min. required) for running Gateway & Workstation?

Thank you.

What are the security concerns when Bidirectional is set on Workstation?
This is documented here: https://www.whonix.org/wiki/VirtualBox_Guest_Additions#Clipboard_Sharing (see the footnotes)
What is the reason for I/O APIC is enabled?
https://github.com/Whonix/Whonix/blob/f6450d0bf562d32d8bc63b77ef61ae08f36b1cf4/build-steps.d/2600_create-vbox-vm#L59-L82
What is optimal RAM (not min. required) for running Gateway & Workstation?
Relative answers: - Same as usual Debian jessie on host operating systems. - Depends on use case. - If you always have free ram, never need to swap, then it's optimal.

A marble answer:

  • 2 GB should suffice for most popular non-special use cases.

So it seems bidirectional is disabled because it refers to carefulness of user’s actions. If bidirectional is enabled, is it be possible for the function to be exploited by a virus/vulnerability on the guest machine e.g. trying to break into host?

So it seems bidirectional is disabled because it refers to carefulness of user's actions.
Our only justification.
If bidirectional is enabled, is it be possible for the function to be exploited by a virus/vulnerability on the guest machine e.g. trying to break into host?
That's more more vague. See: https://www.whonix.org/blog/installing-virtualbox-guest-addition-by-default

But assuming Guest Additions has been uninstalled or removed, there is no known or possible way a person/vulnerability can exploit the bidirectional function to try gain access or information from the host?

As per https://www.whonix.org/blog/installing-virtualbox-guest-addition-by-default we don’t believe anymore uninstalling guest additions provides security benefits against exploitation.

Yes, but regardless of guest additions are there any known ways to exploit the bidirectional function (through sometime other than a user error)?

Not that I know.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]