
make grsecurity kernel, grsecurity-installer work inside Whonix
Closed, Invalid (Public)

Description

Introduction:

TODO:

  • use grsecurity sources from Debian repository (not from grsecurity.net because then we can avoid custom gpg verification)
  • package needs more testing and eventually various fixes
  • the 'make menuconfig' which currently needs manual interaction needs to be automated (preseeded by a configuration file most likely?)
  • sane, secure, useful kernel compilation configuration file required
  • never mind MPROTECT for now (can be disabled)
  • test if it works inside Qubes and fix if required
  • test if it works inside Qubes-Whonix and fix if required

possibly helpful:

Bounty too low?:

  1. Go to https://www.bountysource.com/issues/14471558-make-grsecurity-kernel-grsecurity-installer-work-inside-whonix
  2. Click on "Developers"
  3. Click on "Get Started"
  4. Select Status "Bounty too low"
  5. Enter your offer and press "Save".

Mirrored from:
https://phabricator.whonix.org/T301


Mirrored to:
https://github.com/Whonix/grsecurity-installer/issues/1


On bountysource:
https://www.bountysource.com/issues/14471558-make-grsecurity-kernel-grsecurity-installer-work-inside-whonix

(If you are reading on bountysource, you can skip all comments until "Snapshot of this before I am going to rewrite the ticket." and read from there.)

Details

Impact
High

Event Timeline

Patrick updated the task description. May 12 2015, 5:15 PM
Patrick set Impact to High.
Patrick added subscribers: Patrick, HulaHoop.
Patrick created this task.
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. May 12 2015, 5:17 PM
Patrick updated the task description.

A compact list of sane grsec defaults as deployed on gentoo:

https://wiki.gentoo.org/wiki/Hardened/Grsecurity2_Quickstart

Comprehensive coverage of grsec features and default settings:

https://wiki.archlinux.org/index.php/Grsecurity

What are cons of using the Mempo kernel that's already patched with grsecurity?

Mempo kernel:

  • does it even compile?
  • the size of that repository, number of files, number of code lines vs grsecurity-installer is deterring
  • repository contains a history of grsecurity patches -> bad practice -> nowhere near ready for inclusion into Debian
  • seems more like a repository that is run by maintainers to compile a kernel that will be uploaded to a deb repository used for Mempo rather than a grsecurity-installer that would be similar to torbrowser-launcher / tb-updater, that is supposed to be run by a Debian user
  • maybe parts of it would be useful for grsecurity-installer, perhaps they have sorted out automating kernel config

What about the corsac repository listed in:
https://wiki.debian.org/grsecurity

It's also just a compiled kernel. I am that far. Has almost the same TODO as this ticket. Non-minor stuff such as "desktop environment (kdm) currently does not start, needs fixing".

Long term I think it's better to have a script to compile and update a grsec kernel than a package in upstream repos because some protections can only be effective if they are unique to the user. A precompiled kernel loses these benefits because the protection values are public and known to everyone including the attacker. Arch has a packaged kernel and they explain the limits:

https://wiki.archlinux.org/index.php/Grsecurity

I see the potential problems with update logistics, same as you had to handle with TBB updater, but it's a trade-off between full protection and ease of compilation.

This is a big project in itself. The ideas I'll post belong on Rickard's github tracker:

The script should have different default option configuration files so users can choose depending on the intended use of the computer: server vs desktop.

Tor support so all this can happen anonymously preventing metadata and package info from leaking.

HulaHoop added a comment. Edited Aug 21 2015, 5:37 PM

Actually the best option is the availability of a Debian grsecurity kernel source package that can be deterministically built. That way the maintenance and update burden is handled upstream and it can be securely installed thru apt with the full protections of grsecurity.

Patrick updated the task description. May 4 2016, 9:37 PM
HulaHoop closed this task as Invalid. Apr 29 2017, 6:20 PM
HulaHoop claimed this task.