
Mon, Jul 8

Patrick closed T631: re-enable tor-controlport-filter.service systemd hardening as Resolved.
Mon, Jul 8, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Removed a few. Would not start without openat, so kept.

Mon, Jul 8, 9:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Mon, Jul 8, 8:30 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Yay, we have ProtectSystem=strict now.

Mon, Jul 8, 1:06 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Can we exclude ExecStartPre=/usr/lib/onion-grater-merger from systemd hardening?

Mon, Jul 8, 12:53 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sun, Jul 7

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Error back after reboot.

Sun, Jul 7, 11:50 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sat, Jul 6

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Sat, Jul 6, 4:23 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/blob/master/lib/systemd/system/onion-grater.service currently works without ReadWritePaths. So let's not add?

Sat, Jul 6, 1:03 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Thu, Jul 4

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder.

Thu, Jul 4, 5:09 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

https://github.com/Whonix/onion-grater/commit/8480cff304ea019b25dc49d91672e7c3f8599a07

Thu, Jul 4, 7:59 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

It's a file, not a folder. Nothing in the code of /usr/lib/onion-grater-merger writes to /usr/lib/onion-grater-merger.

Thu, Jul 4, 7:41 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Wed, Jul 3

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

I just re-read the error message. Try adding

Wed, Jul 3, 5:10 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

That's weird. Onion-grater is trying to write to somewhere that's being mounted read-only by systemd.

Wed, Jul 3, 4:56 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Mon, Jul 1

Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Merged your changes.

Mon, Jul 1, 10:11 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sat, Jun 29

marmarek added a comment to T324: Add package needrestart.
In T324#18696, @Patrick wrote:

What is a good way to detect that users are using VM kernel in Qubes? @marmarek If uname -r outputs 4.19.43-1.pvops.qubes.x86_64 i.e. matches *pvops* it means that no VM kernel is being used?

Sat, Jun 29, 12:55 PM · upstream, usability, enhancement, anon-meta-packages, Whonix
Patrick updated subscribers of T324: Add package needrestart.

needrestart works good enough for it to be implemented as a test in whonixcheck (--verbose?).

Sat, Jun 29, 12:13 PM · upstream, usability, enhancement, anon-meta-packages, Whonix

Mon, Jun 24

Patrick edited projects for T631: re-enable tor-controlport-filter.service systemd hardening, added: Whonix 15; removed Whonix 16.
Mon, Jun 24, 3:49 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Sun, Jun 23

madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Does it work after you comment ProtectSystem=strict and ReadWriteDirectories=? I think on Qubes-Whonix it is trying to write to a directory in /var/run (probably /var/run/qubes-service). I can't test as I don't use Qubes.

Sun, Jun 23, 8:25 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Unfortunately not. On Qubes-Whonix. Could be Non-Qubes-Whonix vs Qubes-Whonix?

Sun, Jun 23, 7:53 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
madaidan added a comment to T631: re-enable tor-controlport-filter.service systemd hardening.

Does it work using this? It looks like it needs the openat syscall which it now allows.

Sun, Jun 23, 4:31 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)
Patrick updated subscribers of T631: re-enable tor-controlport-filter.service systemd hardening.

Does not work yet. @madaidan

Sun, Jun 23, 10:27 AM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

May 7 2019

Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:59 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:52 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
May 7 2019, 1:51 PM · Whonix, Apps, enhancement, usability

Apr 6 2019

Patrick removed a project from T386: meek Pluggable Transport: Debian version 10 codename Buster.
Apr 6 2019, 4:38 PM · enhancement, circumvention, Whonix
Patrick updated subscribers of T386: meek Pluggable Transport.
Apr 6 2019, 4:38 PM · enhancement, circumvention, Whonix

Mar 21 2019

Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 3:05 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 3:05 PM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Mar 21 2019, 3:05 PM · Whonix, Apps, enhancement, usability

Jan 23 2019

Patrick updated the task description for T114: Permanent Takedown Attack Defender.
Jan 23 2019, 11:15 AM · whonixcheck, upstream, enhancement, security, Whonix
Patrick updated the task description for T114: Permanent Takedown Attack Defender.
Jan 23 2019, 11:14 AM · whonixcheck, upstream, enhancement, security, Whonix

Jan 15 2019

Patrick updated the task description for T89: Whonix Control Panel.
Jan 15 2019, 8:48 AM · Whonix, Apps, enhancement, usability

Dec 7 2018

Patrick removed a project from T486: Disable conntrack helper?: Whonix 15.
Dec 7 2018, 12:08 PM · Whonix, whonix-ws-firewall, whonix-gw-firewall, enhancement, security
Patrick removed a project from T504: anon-connection-wizard development: Whonix 15.
Dec 7 2018, 12:07 PM · Whonix, anon-connection-wizard, python, usability, enhancement
Patrick removed a project from T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes): Whonix 15.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick assigned T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) to troubadour.
Dec 7 2018, 12:06 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick removed a project from T456: msgdispatcher_dispatch_x 'details' and 'more help' button to improve whonixcheck error messages etc. usability: Whonix 15.
Dec 7 2018, 12:05 PM · whonixcheck, msgcollector, enhancement, usability, Whonix, graphical user interface, python
Patrick removed a project from T533: iptables block network access until sdwdate succeeded: Whonix 15.
Dec 7 2018, 12:04 PM · Whonix, usability, whonix-ws-firewall, whonix-gw-firewall, iptables, python, security, enhancement, sdwdate-gui, sdwdate
Patrick removed a project from T387: Qubes-Whonix-Gateway as ClockVM: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, security, sdwdate, Whonix, Qubes
Patrick removed a project from T378: make vbox-disable-timesync compatible with guest additions from virtualbox CD: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, VirtualBox, vbox-disable-timesync, Whonix
Patrick removed a project from T362: systemd SystemCallFilter= containment option seccomp hardening: Whonix 15.
Dec 7 2018, 11:57 AM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick removed a project from T324: Add package needrestart: Whonix 15.
Dec 7 2018, 11:56 AM · upstream, usability, enhancement, anon-meta-packages, Whonix

Nov 20 2018

Patrick closed T69: Change KDE Theme and KDE Mouse Theme It's easy to do by manually using a mouse, but I haven't found out how to do it shipping a configuration file. After being done, update https://www.whonix.org/wiki/Dev/KDE from TODO to Done. as Wontfix.

https://forums.whonix.org/t/user-poll-xfce-vs-kde-kde-deprecation-considered/6235

Nov 20 2018, 5:00 PM · Whonix, kde, desktop, enhancement, security

Nov 12 2018

Patrick closed T373: Qubes templates: graphical updater (Apper) broken as Resolved.

Apper no longer installed by default.

Nov 12 2018, 8:47 AM · Qubes, usability, enhancement, Whonix
Patrick placed T373: Qubes templates: graphical updater (Apper) broken up for grabs.
Nov 12 2018, 8:43 AM · Qubes, usability, enhancement, Whonix

Oct 1 2018

Patrick placed T324: Add package needrestart up for grabs.
Oct 1 2018, 1:17 PM · upstream, usability, enhancement, anon-meta-packages, Whonix

Sep 20 2018

Patrick added a subtask for T387: Qubes-Whonix-Gateway as ClockVM: T856: whonix TemplateVM time fetching qrexec service.
Sep 20 2018, 11:45 AM · enhancement, security, sdwdate, Whonix, Qubes

Sep 11 2018

Patrick closed T457: install accessibility tools by default as Invalid.
Sep 11 2018, 7:41 PM · Whonix 15, enhancement, usability, Whonix, anon-meta-packages

Aug 15 2018

Patrick updated the task description for T362: systemd SystemCallFilter= containment option seccomp hardening.
Aug 15 2018, 1:06 PM · enhancement, whonixcheck, msgcollector, sdwdate, onion-grater (Control Port Filter Proxy), security, Debian version 9 codename Stretch, systemd, Whonix
Patrick updated the task description for T631: re-enable tor-controlport-filter.service systemd hardening.
Aug 15 2018, 1:04 PM · Whonix 15, Whonix, enhancement, systemd, onion-grater (Control Port Filter Proxy)

Aug 7 2018

Patrick renamed T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes) from make sdwdate-gui Qubes friendly to make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).
Aug 7 2018, 6:45 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 24 2018

Patrick renamed T388: document Spoof the Initial Virtual Hardware Clock Offset for KVM (biossystemtimeoffset) from document Spoof the Initial Virtual Hardware Clock Offset for KVM to document Spoof the Initial Virtual Hardware Clock Offset for KVM (biossystemtimeoffset).
Jul 24 2018, 11:52 AM · user documentation, enhancement, security, Whonix, KVM

Jul 21 2018

Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Created way to find out name of gateway from within VM - qubesdb-read /qubes-gateway-name for it.

Jul 21 2018, 11:38 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 18 2018

marmarek added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

The easiest way would be to have a new entry for qubesdb-read, in addition to qubes-gateway which holds the IP address.
Something like qubesdb-read /qubes-gateway-name.

Jul 18 2018, 12:12 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 17 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

For the time being, the vm's whonix gateway is hard coded in two files, the one watching and sending sdwdate status and the one sending the shutdown notification.

Jul 17 2018, 11:14 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

What happens in case of multiple Whonix-Gateway ProxyVMs? I.e. in case of sys-whonix, sys-whonix-two, etc.? How would anon-whonix-two know it has to connect to sys-whonix-two?

Jul 17 2018, 9:19 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 9 2018

Patrick added a comment to T56: Bridge Sanity Check.

From sdwdate log. Clock was right but I got this using a bridge.

Jul 9 2018, 8:10 AM · Whonix, sdwdate, security, enhancement

Jul 7 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Have run the fuzzer unit test simultaneously in sys-whonix and five anon-vm.

Jul 7 2018, 10:26 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jul 5 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Update, after my post in the forum.
https://forums.whonix.org/t/testers-wanted-blocking-networking-until-sdwdate-finished-status-of-sdwdate-gui/5372/3

Jul 5 2018, 9:35 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jun 23 2018

Patrick triaged T802: whonixcheck should check if torsocks IsolatePID stream isolation is functional as Normal priority.
Jun 23 2018, 9:57 AM · enhancement, easy, whonixcheck, Whonix 16, Whonix
Patrick updated the task description for T89: Whonix Control Panel.
Jun 23 2018, 6:56 AM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Jun 23 2018, 6:51 AM · Whonix, Apps, enhancement, usability
Patrick updated the task description for T89: Whonix Control Panel.
Jun 23 2018, 6:51 AM · Whonix, Apps, enhancement, usability

May 12 2018

Patrick added a comment to T386: meek Pluggable Transport.

meek might be dead by then:
https://forums.whonix.org/t/replacing-meek-snowflake

May 12 2018, 5:17 PM · enhancement, circumvention, Whonix

Apr 29 2018

HulaHoop added a comment to T114: Permanent Takedown Attack Defender.

The public tahoeLAFS introducer is dormant:
https://tahoe-lafs.org/pipermail/tahoe-dev/2018-April/009913.html

Apr 29 2018, 4:39 PM · whonixcheck, upstream, enhancement, security, Whonix

Mar 7 2018

Patrick closed T490: whonixcheck should test if network interfaces are up as Resolved.
Mar 7 2018, 1:56 AM · Whonix, usability, enhancement, Whonix 14, whonixcheck
Patrick closed T500: disable preview in nautilus by default as Resolved.
Mar 7 2018, 1:50 AM · Whonix 14, security-misc, enhancement, Whonix, security
Patrick added a comment to T464: replace rinetd with socat.

(superseded by systemd socket activation)

Mar 7 2018, 1:21 AM · enhancement, Whonix 14, anon-ws-disable-stacked-tor, Whonix
Patrick closed T464: replace rinetd with socat as Resolved.
Mar 7 2018, 1:21 AM · enhancement, Whonix 14, anon-ws-disable-stacked-tor, Whonix
Patrick closed T274: control-port-filter-proxy sd_notify support as Resolved.
Mar 7 2018, 1:19 AM · python, Whonix 14, Debian version 9 codename Stretch, enhancement, onion-grater (Control Port Filter Proxy), Whonix
Patrick closed T481: sdwdate should check if clock got changed behind our back as Resolved.
Mar 7 2018, 12:59 AM · Whonix 14, security, enhancement, sdwdate, Whonix
Patrick changed the status of T486: Disable conntrack helper? from Review to Open.
Mar 7 2018, 12:51 AM · Whonix, whonix-ws-firewall, whonix-gw-firewall, enhancement, security

Mar 5 2018

Patrick renamed T56: Bridge Sanity Check from Bridge Sanity Check (sdwdate plugin) to Bridge Sanity Check.
Mar 5 2018, 10:28 PM · Whonix, sdwdate, security, enhancement

Mar 4 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

A new Tor controller GUI.

Mar 4 2018, 11:03 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Feb 28 2018

HulaHoop added a comment to T114: Permanent Takedown Attack Defender.

*Most recent info on test grid can be found from their freenode IRC channel

Feb 28 2018, 7:18 PM · whonixcheck, upstream, enhancement, security, Whonix

Feb 27 2018

HulaHoop added a comment to T114: Permanent Takedown Attack Defender.

Asked the devs some questions about integration:

Feb 27 2018, 6:34 PM · whonixcheck, upstream, enhancement, security, Whonix
HulaHoop added a comment to T114: Permanent Takedown Attack Defender.

Whonix project metadata could be distributed using Tahoe-LAFS - a redundant, encrypted storage array accessible over Tor. Instructions to users about alternative download mechanisms of the project's code and documentation can be passed thru this channel.

Feb 27 2018, 2:33 AM · whonixcheck, upstream, enhancement, security, Whonix

Feb 16 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Added the relevant icon in show_message (after resizing the sdwdate icons from mediawiki, the original are huge).

Feb 16 2018, 11:18 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Feb 15 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Some progress here.

Feb 15 2018, 12:55 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Feb 6 2018

Patrick removed a project from T520: install fteproxy by default in Whonix-Gateway when porting to Debian stretch: Debian version 9 codename Stretch.
Feb 6 2018, 1:03 AM · systemd, AppArmor, research, user documentation, enhancement, Whonix, circumvention

Feb 4 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

If possible: it should only show Tor restart gui / anon-connection-wizard if these are installed. Otherwise not show such a menu entry.

Feb 4 2018, 11:02 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Have pushed an updated version with Restart Tor and Anon Connection Wizard commands from the menu, so you can have an idea of the look and feel. This is of course not written in stone. The standalone restart-tor-gui was updated for testing. https://github.com/troubadoour/restart-tor-gui

Feb 4 2018, 9:10 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Implemented some defensive code against qubes-db and qubes-qrexec-agent just in case. Now if one or both of those services stop, it just ensures that the sdwdate-gui programs don't crash, and that's it.

Feb 4 2018, 4:48 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick edited projects for T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes), added: Whonix 15; removed Whonix 16.
Feb 4 2018, 3:16 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Feb 3 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Implemented some defensive code against qubes-db and qubes-qrexec-agent just in case. Now if one or both of those services stop, it just ensures that the sdwdate-gui programs don't crash, and that's it.

Feb 3 2018, 11:15 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Feb 2 2018

Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Only small issues for now.

Feb 2 2018, 3:47 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

sdwdate-gui-qubes will be shortly ready for packaging.
There are files for the gateway, files for the workstations, none for non-qubes environment. At this stage, for review, it would be easier to make a standalone package before merging in sdwdate-gui.

It was actually easier to merge directly, if only for the new user sdwdate-gui created in postinst.

Feb 2 2018, 1:47 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Feb 1 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

sdwdate-gui-qubes will be shortly ready for packaging.

Feb 1 2018, 12:22 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jan 29 2018

marmarek added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Json handling looks fine. Not sure about using the data loaded from there - for example if self.message requires sanitization. AFAIR some Qt widgets support html formatting, so it may be undesirable to allow that.

Jan 29 2018, 3:44 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Relevant code excerpt sdwdate.

Jan 29 2018, 3:37 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jan 26 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Probably no. But I'm not an expert in security or attacks.
pickle load deserializes an object, in our case a DICTionary. Anything not in that form would raise an exception.

How do you ensure that? Normally pickle.load would gladly deserialize any object, even if that results in executing code inside of it. See https://docs.python.org/3/library/pickle.html
Better use json or such if really a structure (rather than a single value) is needed.

Jan 26 2018, 9:11 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

What happens if a workstation is killed, and then later restarted?

Jan 26 2018, 8:52 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
marmarek added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Probably no. But I'm not an expert in security or attacks.
pickle load deserializes an object, in our case a DICTionary. Anything not in that form would raise an exception.

Jan 26 2018, 6:49 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Probably no. But I'm not an expert in security or attacks.

Jan 26 2018, 5:12 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jan 25 2018

Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Then //pickle.load status-file

Jan 25 2018, 2:35 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
Patrick added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Update.
The submenu commands are implemented. Looks nice and handy.

Jan 25 2018, 2:32 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

The submenu commands are implemented. Looks nice and handy.

Jan 25 2018, 12:21 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui

Jan 22 2018

troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

In T534#15414, @marmarek wrote:

Jan 22 2018, 10:52 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
troubadour added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

troubadour

For now, the qrexec commands are issued from the workstations sdwdate-gui,
for practical reasons, the main one being that it's easy to restart sdwdate from there.
Obviously they'll have to be in sdwdate.

Patrick

Possibly, yes. Necessarily, maybe not. Keeping all the "if Qubes then"
logic outside of sdwdate may also be an option.

That would help a lot. There are not that many "if Qubes then" in sdwdate -- actually we also check if we are not in sys-whonix --, but when it comes to running the qrexec command in sdwdate, the problem begins. Have tried all sorts of things to get the call, Popen or even os.system command working in sdwdate, to no avail, although call works in many other places.

Jan 22 2018, 10:42 PM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui
marmarek added a comment to T534: make sdwdate-gui Qubes friendly (sdwdate-gui-qubes).

Obviously they'll have to be in sdwdate. There are some issues regarding the format of the argument in qrexec-client-vm sys-whonix whonix.test+"[argument]" when it reaches the target vm. It's sanitized, no problem there, it can be parsed, but it's truncated at 51 bytes, which limits what we can pass.

Jan 22 2018, 3:11 AM · Whonix, python, Qubes, usability, security, enhancement, sdwdate, sdwdate-gui