Whonix Host Additions / Whonix Host Operating System
Tue, Jan 7
An interesting product that triggers a system wipe if the cable is pulled:
Dec 5 2019
Aug 21 2019
Should work on manual invocation.
For the record, this is the diff being generated.
Aug 19 2019
Jul 6 2019
There is none indeed for VMs but it has to be re-checked once/if Whonix-Host becomes a thing.
Jun 14 2019
May 22 2019
May 16 2019
madaidan added a comment.
> We need to re-check this for Whonix Host. Since it gets installed using calamares (which handles partitioning) there could be an unwanted swap partition.
I can test it for that too. Where do I download it?
May 12 2019
We need to re-check this for Whonix Host. Since it gets installed using calamares (which handles partitioning) there could be an unwanted swap partition.
Thanks for testing! Would have been surprising if there was.
May 10 2019
There is none. You can run swapon -s or cat /proc/swaps to verify.
No, I mean the upstream repository thunar-volman by XFCE developers.
madaidan added a comment.
> Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.
debian/thunar-volman.xml has all the default settings for auto-mounting if that's what you mean.
May 9 2019
Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.
Debian buster package thunar-volman (thunar-volman-0.9.1) contains a file debian/thunar-volman.xml
May 8 2019
Automounting can be configured in /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/thunar-volman.conf
Apr 23 2019
No such package anymore.
Mar 1 2018
NB for the record: with qemu-ga a guest can still shut itself off via crafted input to the agent. So besides removing timer access to the guest, there was no other advantage to removing ACPI.
Actually we don't have to suspend the guest. Execution of any command on the host after resume is enough to create a unique event in qemu-ga's log file.
The proper and direct way to use virsh to communicate with guest agent:
The YAJL parser used in libvirt is tiny, modern (written in 2007) and has no CVEs. It is a SAX-type event-driven parser, unlike the vulnerable, top-down recursive descent type that was used in QEMU.
Feb 28 2018
It turns out the QEMU guest agent warning was not relevant to those who use libvirt. With libvirt a safe parser is used. Breakouts can only happen if a process on the host is designed to parse guest input, because there is no way to control that; otherwise it should be safe for our uses. This potentially simplifies the design in many respects, but a host package will still be needed. I will update the task list.
[libvirt-users] QEMU guest-agent safety in hostile VM?
Feb 14 2018
Yes, there are fewer moving parts, especially when multiple WSs share a GW. Some way to exempt timesync traffic from the WS would be needed though.
Feb 12 2018
HulaHoop added a comment.
With qemu-ga code the hwclock drift detection code becomes redundant. If a suspend event is triggered the GW should assume clocks are out of sync and trigger lockdown.
Oops didn't realize ntpdate requires query of remote servers. ntpdate is obsolete anyhow but the newer clockdiff still talks to online servers instead of comparing local values. hwclock can give us that: