An adversary could stress either/and CPU, HDD, RAM, network connection and other Whonix-Workstations and perhaps also the host would suffer. This is bad:
- attacks on anonymity when using multiple workstations (whether behind same gateway or not)
- host ddos
Virtual machines (VM) can use an unlimited amount of resources. I.e.
- CPU load
- network load
- I/O (hdd) load
- graphic calculation load
- (RAM load?)
This might happen because some application inside a VM has a bug and starts draining resources or because a VM has been compromised.
Ideally the virtualizer on the host would enforce maximum system resources the VM may use.
This ticket is a reminder to implement this protection for all virtualizers supported by Whonix some day.
If someone wants to implement this feature for a particular virtualizer, please create a sub task to keep things separated.
Related:
T530