Page MenuHomePhabricator
Feed Advanced Search

Nov 19 2016

HulaHoop added a comment to T495: Track upstream fix for QXL auto resolution bug.

Awesome. The bug has been identified and fixed with backports of the fix coming to the longterm 5.8 series.

Nov 19 2016, 5:42 AM · KVM, Whonix, research
HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

Though I agree with anonym's argument that resource exhaustion goes against the purpose of advanced malware that wants to hide - I still looked at io limits in case you still think its valuable to set.

Nov 19 2016, 5:39 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 18 2016

Patrick added a comment to T495: Track upstream fix for QXL auto resolution bug.

https://bugs.kde.org/show_bug.cgi?id=356864

Nov 18 2016, 2:24 AM · KVM, Whonix, research
Patrick added a comment to T495: Track upstream fix for QXL auto resolution bug.

https://bugs.kde.org/show_bug.cgi?id=370494 has more comments.

Nov 18 2016, 2:23 AM · KVM, Whonix, research

Nov 12 2016

Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

HulaHoop (HulaHoop):

HulaHoop added a comment.

There's a problem with setting this. SSD vs HDD io throughput is very different. What is reasonable for one will be excessive or too low for the other.
Nov 12 2016, 3:22 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
HulaHoop added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

There's a problem with setting this. SSD vs HDD io throughput is very different. What is reasonable for one will be excessive or too low for the other.

Nov 12 2016, 12:20 AM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Nov 11 2016

Patrick updated the task description for T12: virtualizer: enforce maximum system resources a virtual machine may use.
Nov 11 2016, 3:55 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
Patrick updated the task description for T12: virtualizer: enforce maximum system resources a virtual machine may use.
Nov 11 2016, 3:54 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer
Patrick added a comment to T12: virtualizer: enforce maximum system resources a virtual machine may use.

blkiotune and iotune can restrict io (KVM only)
https://libvirt.org/formatdomain.html#elementsBlockTuning

Nov 11 2016, 3:45 PM · Whonix, VMware, Qubes, KVM, VirtualBox, virtualizer

Oct 20 2016

Patrick added a comment to T495: Track upstream fix for QXL auto resolution bug.

Great!

Oct 20 2016, 12:36 AM · KVM, Whonix, research

Oct 19 2016

HulaHoop added a comment to T495: Track upstream fix for QXL auto resolution bug.

Great. Looks like the libvirt devs from the other ticket are helping out!

Oct 19 2016, 10:47 PM · KVM, Whonix, research

Oct 18 2016

Patrick added a comment to T495: Track upstream fix for QXL auto resolution bug.

More answers there.

Oct 18 2016, 6:12 PM · KVM, Whonix, research

Oct 17 2016

Patrick added a comment to T495: Track upstream fix for QXL auto resolution bug.

Got another answer:
https://bugs.kde.org/show_bug.cgi?id=370494#c4

Oct 17 2016, 11:51 PM · KVM, Whonix, research
Patrick added a comment to T495: Track upstream fix for QXL auto resolution bug.

Done, posted.

Oct 17 2016, 6:16 PM · KVM, Whonix, research
HulaHoop added a comment to T495: Track upstream fix for QXL auto resolution bug.

To move things along please post this:

Oct 17 2016, 3:11 AM · KVM, Whonix, research

Oct 13 2016

Patrick added a comment to T495: Track upstream fix for QXL auto resolution bug.
In T495#10722, @Patrick wrote:
Oct 13 2016, 2:00 AM · KVM, Whonix, research

Oct 12 2016

HulaHoop added a comment to T495: Track upstream fix for QXL auto resolution bug.

Thanks. Looks like we got a reply from the project lead Martin Gräßlin.

Oct 12 2016, 3:35 PM · KVM, Whonix, research
Patrick added a comment to T495: Track upstream fix for QXL auto resolution bug.

An answer was posted:
https://bugs.kde.org/show_bug.cgi?id=370494#c1

Oct 12 2016, 3:31 PM · KVM, Whonix, research

Oct 11 2016

Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Looks like I overlooked python3-netfilterqueue-packager.

Oct 11 2016, 10:40 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
Patrick added a comment to T495: Track upstream fix for QXL auto resolution bug.

https://bugs.kde.org/show_bug.cgi?id=370494

Oct 11 2016, 8:52 PM · KVM, Whonix, research
HulaHoop added a comment to T495: Track upstream fix for QXL auto resolution bug.

KDE window manager so that would be the component: kwin

Oct 11 2016, 8:44 PM · KVM, Whonix, research
Patrick added a comment to T495: Track upstream fix for QXL auto resolution bug.

Against what product (component)? There is a zillion of them. List here:
https://bugs.kde.org/query.cgi?format=advanced

Oct 11 2016, 8:19 PM · KVM, Whonix, research
HulaHoop added a comment to T495: Track upstream fix for QXL auto resolution bug.

I tried registering on https://bugs.kde.org/ to create a bug report but it seems to be blocking anonymous users from creating accounts. Patrick can you please open an account and post it on my behalf?

Oct 11 2016, 3:30 PM · KVM, Whonix, research

Oct 10 2016

HulaHoop added a comment to T495: Track upstream fix for QXL auto resolution bug.

A few months later someone confirmed the QXL bug and explained some workarounds which involve disabling KMS mode which will also require disabling important Grsecurity features.

Oct 10 2016, 5:16 PM · KVM, Whonix, research
HulaHoop renamed T495: Track upstream fix for QXL auto resolution bug from Workaround Feature: Daemon for auto-resolution adjustment on KVM guests to Track upstream fix for QXL auto resolution bug.
Oct 10 2016, 5:13 PM · KVM, Whonix, research

Oct 3 2016

HulaHoop closed T556: fix OpenPGP verifications confusion ova vs libvirt.xz as Resolved.

I hope they will be smart enough to understand that KVM is Linux only.

Oct 3 2016, 3:11 AM · user documentation, KVM, Whonix

Oct 2 2016

Patrick added a comment to T556: fix OpenPGP verifications confusion ova vs libvirt.xz .

Dunno if it happens that users download KVM on a Windows computer, than
install on a Linux computer. Perhaps take a shortcut and tell them to
start doing it right everything on a Linux computer for better security.

Oct 2 2016, 8:15 PM · user documentation, KVM, Whonix
HulaHoop added a comment to T556: fix OpenPGP verifications confusion ova vs libvirt.xz .

Should I bother with Mac/Windows instructions when KVM is Linux only?

Oct 2 2016, 2:24 AM · user documentation, KVM, Whonix

Oct 1 2016

Patrick added a comment to T556: fix OpenPGP verifications confusion ova vs libvirt.xz .

Partially done. Now the most important parts of Verify_the_virtual_machine_images_using_the_command_line are still shared.

Oct 1 2016, 6:12 PM · user documentation, KVM, Whonix
Patrick added a comment to T556: fix OpenPGP verifications confusion ova vs libvirt.xz .

Looking into it now.

Oct 1 2016, 5:50 PM · user documentation, KVM, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Also with 64bit compatibility this means the repo paths have changed.

Oct 1 2016, 5:31 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T556: fix OpenPGP verifications confusion ova vs libvirt.xz .

I can apply simple variables successfully with

Oct 1 2016, 8:04 AM · user documentation, KVM, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Yes it can stay as it is.

Oct 1 2016, 5:10 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 30 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

That's great! So https://github.com/Whonix/whonix-gw-network-conf/blob/master/etc/network/interfaces.d/30_non-qubes-whonix can stay as is?

Sep 30 2016, 11:24 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Great news! This config works without hacks. You can keep 10.0.2.15 unchanged too. Turns out the gateway ip address was just called "ip address"...

Sep 30 2016, 9:36 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

No idea. But we should probably stay on the subnet we have.

Sep 30 2016, 5:05 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

OK I will try route but I need some help with commands.

Sep 30 2016, 4:58 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Seems like an awful hack. Last resort. If it somehow by some update (by ifupdown) is run after ifupdown, it breaks connectivity.

Sep 30 2016, 3:24 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

We're using ConditionVirtualization=kvm elsewhere already.(shared-folder-help systemd unit file) Should be doable to reuse it for the route command also.

Sep 30 2016, 5:19 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 29 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

We're using ConditionVirtualization=kvm elsewhere already.
(shared-folder-help systemd unit file) Should be doable to reuse it for
the route command also.

Sep 29 2016, 11:03 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Can you redirect these packages using route? (Try in a Debian VM first to exclude Whonix firewall from interfering.)

Sep 29 2016, 10:41 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Can you redirect these packages using route? (Try in a Debian VM first to exclude Whonix firewall from interfering.)

Sep 29 2016, 7:33 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

A very ugly hack:

Sep 29 2016, 3:20 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Then we have reached an impasse because nothing I can put in the network configuration can change the gateway IP. Its not KVM's fault as its the norm to have gateway IPs of x.x.x.1 for a given subnet. Because some idiot on the VBox team chose .2 compatibility is impossible.

Sep 29 2016, 2:42 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

address 10.0.2.128
netmask 255.255.255.0

Sep 29 2016, 5:17 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).
address 10.0.2.128
netmask 255.255.255.0
gateway 10.0.2.1
Sep 29 2016, 3:10 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Looks like libvirt supports a gateway= keyword. Does that work?

Sep 29 2016, 2:50 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Looks like libvirt supports a gateway= keyword. Does that work?

Sep 29 2016, 2:31 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

address 10.0.2.15
netmask 255.255.252.0

Sep 29 2016, 2:28 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Various documentation changes:

Sep 29 2016, 1:45 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

These steps were not needed at all. Once I selected non-conflicting settings everything worked. Some changes to the netmask and gateway will need to be made to interfaces.d

Sep 29 2016, 1:42 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 28 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

I doubt it is possible to successfully use a dhcp client with raw sockets disabled. It may be possible to develop such a thing in theory, but I don't think it exists.

Sep 28 2016, 7:03 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

What I meant was subnet range using the CIDR calculator:

Sep 28 2016, 6:44 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Same as VirtualBox.

Sep 28 2016, 5:10 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

My mistake I was not clear. By network configuration I mean yet another XML to create a new separate network as an alternative to "default" (like how I do it now with whonix internal network for KVM). It has nothing to do with GW files at all. No changes have to be made there.

Sep 28 2016, 3:58 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

192... will be a huge generator of FUD "conflicts with my router". Long time ago we moved away from that exactly for that reason.

Sep 28 2016, 12:19 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 27 2016

HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

So can we move to something static in the 192.168.122.2 - 192.168.122.254 range (depends on VBox choking or not) or should I include another network file with the whonix-libvirt package?

Sep 27 2016, 5:59 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).
By working you mean in multi-GW usecase too?
Sep 27 2016, 4:28 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Can you emulate these changes, use that static IP?

Sep 27 2016, 5:29 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Can you emulate these changes, use that static IP? What will need changes? KVM documentation?

Sep 27 2016, 1:21 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
HulaHoop added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

With libvirt a user can create another NAT network besides the default - with the same IP range. So another GW would have its own dedicated NAT without conflicts.

Sep 27 2016, 12:57 AM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 26 2016

Patrick added a comment to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log).

Switched to static network configuration.

Sep 26 2016, 8:52 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix
Patrick added projects to T559: Securing/Removing DHCPClient from GW (was: Netstat Gateway log): VirtualBox, KVM, Physical Isolation.
Sep 26 2016, 8:41 PM · Whonix 14, Physical Isolation, KVM, VirtualBox, whonix-gw-network-conf, anon-gw-dhcp-conf, research, Whonix

Sep 22 2016

Patrick added a comment to T556: fix OpenPGP verifications confusion ova vs libvirt.xz .

But you may be able to skip that, created an example here:

Sep 22 2016, 5:19 AM · user documentation, KVM, Whonix
HulaHoop added a comment to T556: fix OpenPGP verifications confusion ova vs libvirt.xz .

Can you please link to the mediawiki variables instructions? I keep seeing math formula pages but that's not what we want

Sep 22 2016, 4:45 AM · user documentation, KVM, Whonix

Sep 17 2016

Patrick updated subscribers of T556: fix OpenPGP verifications confusion ova vs libvirt.xz .
Sep 17 2016, 5:18 PM · user documentation, KVM, Whonix
Patrick renamed T556: fix OpenPGP verifications confusion ova vs libvirt.xz from OpenPGP verifications confusion to fix OpenPGP verifications confusion ova vs libvirt.xz .
Sep 17 2016, 5:17 PM · user documentation, KVM, Whonix
Patrick created T556: fix OpenPGP verifications confusion ova vs libvirt.xz .
Sep 17 2016, 5:17 PM · user documentation, KVM, Whonix

Sep 10 2016

HulaHoop closed T555: Host<->guest clipboard for KVM gateway is default on, should be off as Wontfix.
Sep 10 2016, 2:04 AM · KVM, Whonix

Sep 8 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I've now added Debian packaging support to the actual filter. Both packages install correctly and work well.

Sep 8 2016, 10:38 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Sep 7 2016

HulaHoop closed T439: feature request clock offset adjustment random value from KVM upstream as Resolved.
Sep 7 2016, 6:04 PM · upstream, security, Whonix, KVM
HulaHoop added a comment to T555: Host<->guest clipboard for KVM gateway is default on, should be off.

Hello HawKing. The reason we decided to enable it for the gateway is because it makes it easier to paste bridge addresses. The GW is considered part of the trusted computing base and if it isn't you will have much bigger problems that it just seeing clipboard input.

Sep 7 2016, 6:01 PM · KVM, Whonix

Sep 6 2016

Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I'm thinking that, from an architecture standpoint, we probably want to have one package for kti/python-netfilterqueue, and another one for my NetfilterQueue handler, rather than merge them both into the same package. This would be good if we end up with more than one NetfilterQueue handler (which seems likely; see, for example, T543). I'll also be creating a Debian package for my NetfilterQueue handler in the coming days.

Sep 6 2016, 7:52 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Sep 5 2016

HawKing raised the priority of T555: Host<->guest clipboard for KVM gateway is default on, should be off from High to Needs Triage.
Sep 5 2016, 7:30 PM · KVM, Whonix
HawKing triaged T555: Host<->guest clipboard for KVM gateway is default on, should be off as High priority.
Sep 5 2016, 7:29 PM · KVM, Whonix
HawKing created T555: Host<->guest clipboard for KVM gateway is default on, should be off.
Sep 5 2016, 7:28 PM · KVM, Whonix
Patrick added a comment to T439: feature request clock offset adjustment random value from KVM upstream.

The original scope of this ticket (writing the feature request) is done.
Could you please close this ticket and open a follow up one should there
be anything left to do?

Sep 5 2016, 4:15 PM · upstream, security, Whonix, KVM
HulaHoop added a comment to T431: wall clock likely readable by VMs allowing Clock Correlation Attacks.

Same as T439 no wall-clock guest or otherwise provided any longer.

Sep 5 2016, 4:10 PM · research, bug, security, Whonix, KVM
HulaHoop added a comment to T439: feature request clock offset adjustment random value from KVM upstream.

Now that I've disabled rtc timer this is no longer possible. However no accurate timers exist for the guest. Another side effect was that you can't do graceful shutdowns (necessary to remove acpi_pm timer - acpi had to be disabled).

Sep 5 2016, 4:04 PM · upstream, security, Whonix, KVM

Sep 2 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

I've created some bash scripts to create a Debian package for kti/python-netfilterqueue. They're available in this GitHub repository, and I've uploaded a version of the package created on my Debian Jessie system here. There are still a few issues I'll be resolving in the coming days, including the lack of a source package, but it's overall completely functional.

Sep 2 2016, 7:59 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
HulaHoop updated the task description for T540: Advanced Attacks Meta Ticket.
Sep 2 2016, 7:25 PM · VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a comment to T550: Clock Drift Detection.

These KDE menus are disabled by Whonix. In plain Debian VMs these should

be visible.

Sep 2 2016, 4:13 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a comment to T550: Clock Drift Detection.

HulaHoop (HulaHoop):

Tested enabling pm settings in KVM and I don't see suspend/hibernate in the VM power options in the menu.

Sep 2 2016, 2:02 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Tested enabling pm settings in KVM and I don't see suspend/hibernate in the VM power options in the menu. VBox threads on SE agree that guest suspend isn't available.

Sep 2 2016, 1:50 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

You're right. My idea is needlessly complicated and I admit I learned a lot from your plan.

Sep 2 2016, 1:04 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Sep 1 2016

Patrick added a project to T550: Clock Drift Detection: Whonix-Host.
Sep 1 2016, 11:15 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a comment to T550: Clock Drift Detection.

Right, clock_jump_detector_monitor works also not in VirtualBox ws (or gw). Both system time (date) and hardware clock (hwclock) do not notice VirtualBox being paused.

Is that true on Linux too? I thought I saw a support thread about VBox 5+ using kvmclock device too: https://www.whonix.org/blog/virtualbox-acceleration-mode

Sep 1 2016, 10:59 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Right, clock_jump_detector_monitor works also not in VirtualBox ws (or gw). Both system time (date) and hardware clock (hwclock) do not notice VirtualBox being paused.

Sep 1 2016, 7:20 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Aug 30 2016

Patrick added a comment to T550: Clock Drift Detection.

Right, clock_jump_detector_monitor works also not in VirtualBox ws (or gw). Both system time (date) and hardware clock (hwclock) do not notice VirtualBox being paused.

Aug 30 2016, 12:42 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Aug 29 2016

HulaHoop added a comment to T550: Clock Drift Detection.

For generating the knock packets (when clock jump detected) we can use scapy:
https://packages.debian.org/jessie/python-scapy

Aug 29 2016, 11:13 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Test summary:

Aug 29 2016, 9:42 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added projects to T550: Clock Drift Detection: sdwdate, KVM, VirtualBox.
Aug 29 2016, 8:37 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Aug 24 2016

Patrick added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

The Debian package you mentioned is actually a completely different library serving the same purpose. I'll probably end up porting my code over to use that

As it turns out, that other library chokes whenever the packet handler releases the GIL (which is the only way to get the packet skewing we want). We can't use the Debian package python-nfqueue.
That really leaves us with two options:

  • I could rewrite the handler entirely in C, in which case all we need is Debian's libnetfilter-queue package. However, I generally consider writing security-critical code in C to be a bad idea, especially when threads are involved like they are here.
Aug 24 2016, 10:48 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

First off, this would likely better be discussed directly on T543, as it's largely unrelated to ping latency covert channels.

Aug 24 2016, 1:45 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix
ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

The Debian package you mentioned is actually a completely different library serving the same purpose. I'll probably end up porting my code over to use that

Aug 24 2016, 7:42 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Aug 23 2016

HulaHoop added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

If the attacker's goal is to judge clock skew (which can get to be tens of milliseconds), then it's completely practical

Aug 23 2016, 12:00 AM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Aug 22 2016

ethanwhite added a comment to T530: CPU-induced latency Covert Channel Countermeasures.

Could it be replaced with the Debian package python-nfqueue? Is it the same?

Aug 22 2016, 8:30 PM · virtualizer, VMware, VirtualBox, KVM, Qubes, security, research, Whonix

Aug 20 2016

HulaHoop updated the task description for T540: Advanced Attacks Meta Ticket.
Aug 20 2016, 9:30 PM · VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop added a subtask for T540: Advanced Attacks Meta Ticket: T542: Keyboard/Mouse Fingerprinting Defense.
Aug 20 2016, 9:28 PM · VirtualBox, KVM, Qubes, security, Whonix, research
HulaHoop renamed T540: Advanced Attacks Meta Ticket from Covert Channels Meta Ticket to Advanced Attacks Meta Ticket.
Aug 20 2016, 9:22 PM · VirtualBox, KVM, Qubes, security, Whonix, research