Recent Activity

Sat, Jan 18

Patrick closed T470: Whonix home page redesign as Resolved.
Sat, Jan 18, 1:22 PM · html, Whonix, user documentation
Patrick updated the task description for T868: mediawiki fixes #2.
Sat, Jan 18, 12:42 PM · website, Whonix
Patrick added a comment to T868: mediawiki fixes #2.

JasonJAyalaP (Jason J. Ayala P.):

JasonJAyalaP added a comment.

**clickable expand button inside text**
Done. Check: https://www.whonix.org/wiki/Template:Reload_Tor
Sat, Jan 18, 12:39 PM · website, Whonix
Patrick updated the task description for T868: mediawiki fixes #2.
Sat, Jan 18, 12:14 PM · website, Whonix
Patrick added a comment to T868: mediawiki fixes #2.

replace Menu bar with hardcoded links
Isn't this a MediaWiki configuration option? It should have basic nav choices.

Sat, Jan 18, 12:14 PM · website, Whonix
Patrick updated the task description for T868: mediawiki fixes #2.
Sat, Jan 18, 12:12 PM · website, Whonix
Patrick added a comment to T868: mediawiki fixes #2.

two separate pre tags get intermingled and shown as one box
Can you link me to an example (or create a page with one)?

Sat, Jan 18, 12:12 PM · website, Whonix
JasonJAyalaP added a comment to T868: mediawiki fixes #2.

clickable expand button inside text

Sat, Jan 18, 5:32 AM · website, Whonix
JasonJAyalaP added a comment to T868: mediawiki fixes #2.

replace Menu bar with hardcoded links
Isn't this a MediaWiki configuration option? It should have basic nav choices.

Sat, Jan 18, 5:01 AM · website, Whonix
JasonJAyalaP added a comment to T868: mediawiki fixes #2.

two separate pre tags get intermingled and shown as one box
Can you link me to an example (or create a page with one)?

Sat, Jan 18, 5:00 AM · website, Whonix
JasonJAyalaP added a comment to T868: mediawiki fixes #2.

too much whitespace
This is unnecessary whitespace from the HTML line:

Sat, Jan 18, 4:53 AM · website, Whonix

Fri, Jan 17

Patrick updated the task description for T868: mediawiki fixes #2.
Fri, Jan 17, 9:03 AM · website, Whonix
Patrick updated the task description for T868: mediawiki fixes #2.
Fri, Jan 17, 8:40 AM · website, Whonix

Wed, Jan 15

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.
In T950#19249, @Patrick wrote:

The loader of tirdad is currently using dmesg.

Wed, Jan 15, 12:11 PM · Whonix 15, Whonix, security-misc

Tue, Jan 7

HulaHoop added a comment to T552: Packaging USBKill.

An interesting product that triggers a system wipe if the cable is pulled:

Tue, Jan 7, 5:51 PM · Whonix-Host, security, Whonix
Patrick updated the task description for T868: mediawiki fixes #2.
Tue, Jan 7, 6:39 AM · website, Whonix

Wed, Jan 1

Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

The loader of tirdad is currently using dmesg.

Wed, Jan 1, 12:31 PM · Whonix 15, Whonix, security-misc
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

quiet

Wed, Jan 1, 12:05 PM · Whonix 15, Whonix, security-misc

Thu, Dec 26

Patrick edited projects for T953: extrepo - safely adding repos, added: Whonix 15; removed Restricted Project.
Thu, Dec 26, 4:06 PM · Whonix 15, Whonix
Patrick triaged T953: extrepo - safely adding repos as Normal priority.
Thu, Dec 26, 4:05 PM · Whonix 15, Whonix

Wed, Dec 25

Patrick updated the task description for T950: set kernel.printk sysctl to prevent kernel info leaks.
Wed, Dec 25, 10:39 AM · Whonix 15, Whonix, security-misc
Patrick updated the task description for T950: set kernel.printk sysctl to prevent kernel info leaks.
Wed, Dec 25, 10:38 AM · Whonix 15, Whonix, security-misc

Tue, Dec 24

madaidan added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

This just prevents writing to /dev/kmsg. It doesn't stop kernel logs being displayed during boot.

Tue, Dec 24, 7:09 PM · Whonix 15, Whonix, security-misc
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Still wondering if this initramfs modification can be avoided... Still wondering if kernel.printk can be set through a kernel parameter. Looking again at https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/kernel-parameters.txt...

Tue, Dec 24, 6:24 PM · Whonix 15, Whonix, security-misc
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Sounds good.

Tue, Dec 24, 5:54 PM · Whonix 15, Whonix, security-misc
madaidan added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

https://github.com/Whonix/security-misc/pull/51

Tue, Dec 24, 5:34 PM · Whonix 15, Whonix, security-misc
madaidan added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

We can use a sysctl.d drop-in and an initramfs hook in security-misc so non-initramfs users will still be mostly protected.

Tue, Dec 24, 5:10 PM · Whonix 15, Whonix, security-misc
madaidan added a comment to T943: make /boot and /lib/modules unreadable even for root.

Any attempted access of /boot would be logged the same way anyway although it might be good to use that to stop it from showing up in aa-logprof.

Tue, Dec 24, 5:07 PM · security, Whonix, apparmor-profile-everything
Patrick closed T943: make /boot and /lib/modules unreadable even for root as Resolved.

Would an audit deny rule for /boot be useful for the sake of audit?

Tue, Dec 24, 4:49 PM · security, Whonix, apparmor-profile-everything
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

I guess because a sysctl.d drop-in config file is easy and catches most. initramfs hook covers only initramfs users. Not dracut. But security-misc initramfs hook sounds good enough. dracut support can come later, if ever. Please implement.

Tue, Dec 24, 4:47 PM · Whonix 15, Whonix, security-misc
madaidan added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Why not use an initramfs hook in security-misc? Not everyone will have security-misc and apparmor-profile-everything installed. Users with just security-misc installed will still have some kernel logs shown during early boot.

Tue, Dec 24, 4:39 PM · Whonix 15, Whonix, security-misc
madaidan added a comment to T943: make /boot and /lib/modules unreadable even for root.

/boot isn't allowed in init-systemd anyway so we don't need to add it to dangerous-files. AppArmor denies access to files that aren't explicitly allowed. The only reason we need to blacklist /lib/modules and not /boot is because we give access to all libraries.

Tue, Dec 24, 4:37 PM · security, Whonix, apparmor-profile-everything
Patrick added a comment to T943: make /boot and /lib/modules unreadable even for root.

Still need to add /boot to https://github.com/Whonix/apparmor-profile-everything/blob/master/etc/apparmor.d/abstractions/dangerous-files? Currently cannot find it there.

Tue, Dec 24, 12:17 PM · security, Whonix, apparmor-profile-everything
Patrick closed T937: make /boot and /lib/modules unreadable for non-root users as Resolved.
Tue, Dec 24, 12:15 PM · Whonix, security-misc
Patrick closed T945: /etc/default/grub.d/40_kernel_hardening.cfg fails to detect kernel upgrade as Resolved.

https://github.com/Whonix/security-misc/commit/ede536913daa0c7ddfe55e20c93d7b752daa5de3

Tue, Dec 24, 12:15 PM · Whonix, security-misc
Patrick added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Yes. Probably both. initramfs for apparmor-profile-everything users and /etc/sysctl.d/ security-misc.

Tue, Dec 24, 12:02 PM · Whonix 15, Whonix, security-misc

Mon, Dec 23

madaidan added a comment to T937: make /boot and /lib/modules unreadable for non-root users.

https://github.com/Whonix/security-misc/pull/50

Mon, Dec 23, 9:29 PM · Whonix, security-misc
madaidan added a comment to T943: make /boot and /lib/modules unreadable even for root.

/boot/ is already unreadable.

Mon, Dec 23, 9:27 PM · security, Whonix, apparmor-profile-everything
madaidan added a comment to T937: make /boot and /lib/modules unreadable for non-root users.
Mon, Dec 23, 9:26 PM · Whonix, security-misc
madaidan added a comment to T950: set kernel.printk sysctl to prevent kernel info leaks.

Should this be set in the initramfs?

Mon, Dec 23, 9:08 PM · Whonix 15, Whonix, security-misc