Problem (real exposure)
On Linux, generate_xmrig_config overrides the API to http.host=0.0.0.0 and http.restricted=false (rigforge.sh:277-278), with access-token defaulting to the hostname (:115) — a guessable token. Result: the miner's control API is reachable across the network, unrestricted (can change config / pause / etc.), guarded only by a guessable token. (macOS correctly uses restricted=true; the bundled worker-config template is also restricted=true — the Linux override is the problem.)
Proposed
- Default Linux to restricted=true and bind localhost (127.0.0.1), matching macOS/template.
- If a network-reachable API is wanted, gate it behind an explicit opt-in and require a strong random access-token (generate one; don't default to hostname).
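As an added illustration of the proposed defaults (example code, not rigforge's own generate_xmrig_config), the POSIX sh below emits the xmrig `http` block with loopback binding and restricted=true by default, and only binds 0.0.0.0 on an explicit "network" opt-in that also requires a caller-supplied strong access-token. The function names gen_access_token and xmrig_http_block and the port 8080 are assumptions for the example; the JSON keys are xmrig's documented http settings.

```sh
#!/bin/sh
# Added example, not rigforge code: hardened xmrig "http" API settings.
# Assumes xmrig's documented keys: enabled, host, port, access-token, restricted.

# Generate a 32-byte random token as 64 hex chars from /dev/urandom.
# Never falls back to the hostname.
gen_access_token() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Emit the "http" JSON block.
#   $1 = "local"   (default): bind 127.0.0.1, restricted=true, auto-generate token
#   $1 = "network" (opt-in):  bind 0.0.0.0, restricted=true, token in $2 required
# Returns 1 when a network-reachable API is requested without a strong token.
xmrig_http_block() {
    mode="${1:-local}"
    token="${2:-}"
    restricted="true"   # read-only API in both modes; unrestricted needs a further opt-in
    case "$mode" in
        local)
            host="127.0.0.1"
            [ -n "$token" ] || token=$(gen_access_token)
            ;;
        network)
            host="0.0.0.0"
            # Refuse guessable/short tokens (the hostname default is far shorter than 32 chars).
            if [ -z "$token" ] || [ "${#token}" -lt 32 ]; then
                echo "refusing network-reachable API without a strong access-token" >&2
                return 1
            fi
            ;;
        *)
            echo "unknown mode: $mode" >&2
            return 1
            ;;
    esac
    printf '"http": {\n  "enabled": true,\n  "host": "%s",\n  "port": 8080,\n  "access-token": "%s",\n  "restricted": %s\n}\n' \
        "$host" "$token" "$restricted"
}

# Usage: xmrig_http_block            -> loopback, restricted, random token
#        xmrig_http_block network "$(gen_access_token)"
```

The default path needs no arguments, so a script calling it cannot accidentally reproduce the exposed configuration; widening the bind address is a deliberate, separate call that fails closed when the token is weak.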
Acceptance