Aug 13 2020
Aug 12 2020
After running a bunch of tcp ping tests, the conclusion is this attack
is not really effective against TCP like ICMP. The latency is much lower
for TCP pings and though it slightly decreases with cpu stress it is not
consistent. Reloading pages in TBB with cpu stress
on/off does not impact latency readings while doing so with tc
attached has massive latency foot prints - implying it will ironically make such attacks much easier in addition to degrading performance.
Aug 7 2020
Cyrus recommends adding delays per packet to disrupt inter-packet patterns that remain. The command can be fine tuned as such:
Aug 1 2020
The good news is I think I've figured out the equivalent tc-netem command looking the slot parameter in the manual:
May 30 2020
Ticket above closed and convo moved to tails-dev.
Dec 23 2019
We should be able to create a drop-in file at /lib/systemd/system/user-.slice.d/ and add something such as
Dec 22 2019
Oct 15 2019
Oct 13 2019
Analysis by Cyrus cited here for completion:
Oct 6 2019
Reported build failures:
When an implementation is decided, let's decide if we can include this in security-misc for use on Linux hosts and Kicksecure. We would need some way in detecting the active NIC since on wireless systems wlan0 is the interface of choice and not eth0
tc-netem is a utility that is part of the iproute2 package in Debian. It leverages functionality already built into Linux and userspace utilities to simulate networks including packet delays and loss.
Jul 22 2019
Whonix 15 has since come out. Has this been resolved? Not reproducible on Debian Buster either.
This bug does not exist on Debian stable after I upgraded. I have it documented for Arch and a work around for it. Nothing more to be done on my end.
Apr 6 2019
Apr 4 2019
Please kindly consider jointing the related discussion improving compression of Whonix image downloads:
Mar 1 2019
I reopened this because KVM page (https://www.whonix.org/wiki/KVM#Arch_Linux) explicitly mentions Arch as a host OS.
If someone here is using Arch as well, maybe you guys can reproduce this after all. Also see my previous comment.
Feb 23 2019
I'm using Arch.
All the software versions (libvirt, QEMU, virt-viewer, kernel) are deemed stable upstream (by their respective developers, not by Debian folks).
Feb 21 2019
What distro are you using?
Feb 9 2019
Dec 9 2018
Dec 7 2018
Oct 15 2018
Oct 13 2018
Sorry not reproducible on my end. May be related to the fact that you are running a non-standard setup with custom compiled binaries. By running packages from your distro there is a higher chance that bugs are more visible for more people and more likely to be fixed.
Oct 12 2018
made no difference.
It could be the VM is confused because apparently there are two types of mice attached. I assumed that by adding virtio-mouse it would override and replace the emulated one. Turns out its not this way and I went ahead and reverted this config which should be effective in the next release.
Oct 8 2018
Aug 9 2018
Jul 24 2018
Jun 30 2018
Apr 30 2018
virt-sparsify solution dropped because needs booting the image with qemu-system (not clean, to much unknown consequences, see attached ouptut).
Apr 26 2018
Mar 1 2018
NB for the record: with qemu-ga a guest can still shut itself off via crafted input to the agent. So besides removing timer access to the guest, there was no other advantage to removing ACPI.
Actually we don't have to suspend the guest. Execution of any command on the host after resume is enough to create a uniqu event in the qemu-ga's log file.
The proper and direct way to use virsh to communicate with guest agent:
The YAJL parser used in libvirt is tiny, modern (written in2007) and has no CVEs. It is an SAX type event-driven parser unlike the vulnerable, top-down recursive descent type that was used in QEMU.
Feb 28 2018
It turns out the QEMU guest agent warning was not relevant to those who use libvirt. With libvirt a safe parser is used. Breakouts can only happen if a process on the host is designed to parse guest input because there is no way to control that otherwise it should be safe for our uses. This potentially simplifies the design in many respects but a host package will still be needed. I will update the task list.