
Whonix-Host (Project)
Active, Public

Members (1)

Watchers

  • This project does not have any watchers.

Details

Description

Whonix Host Additions / Whonix Host Operating System

Recent Activity

Sat, Jul 6

Patrick added a comment to T904: make sure there is no swap by default.

There is none indeed for VMs but it has to be re-checked once/if Whonix-Host becomes a thing.

Sat, Jul 6, 12:30 PM · Whonix-Host, Whonix

Jun 14 2019

Patrick created T915: sdwdate connectivity check host support.
Jun 14 2019, 11:34 AM · Whonix, Whonix-Host

May 22 2019

HulaHoop added a comment to T901: package and test wiperam for Debian.

https://github.com/AvANa-BBS/freepto-lb/issues/53

May 22 2019, 7:42 AM · Whonix-Host, Whonix

May 16 2019

Patrick added a comment to T904: make sure there is no swap by default.

madaidan (madaidan) added a comment:

> We need to re-check this for Whonix Host. Since it gets installed using calamares (which handles partitioning) there could be an unwanted swap partition.

I can test it for that too. Where do I download it?
May 16 2019, 12:16 PM · Whonix-Host, Whonix

May 12 2019

madaidan added a comment to T904: make sure there is no swap by default.

We need to re-check this for Whonix Host. Since it gets installed using calamares (which handles partitioning) there could be an unwanted swap partition.

May 12 2019, 2:34 PM · Whonix-Host, Whonix
Patrick added a comment to T904: make sure there is no swap by default.

Thanks for testing! Would have been surprising if there was.

May 12 2019, 12:53 PM · Whonix-Host, Whonix

May 10 2019

madaidan added a comment to T904: make sure there is no swap by default.

There is none. You can run swapon -s or cat /proc/swaps to verify.

May 10 2019, 5:55 PM · Whonix-Host, Whonix
madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

No, I mean the upstream repository thunar-volman by XFCE developers.

May 10 2019, 5:47 PM · Whonix-Host, Whonix
Patrick added a comment to T902: disable removable drives auto-mounting - XFCE only.

madaidan (madaidan) added a comment:

> Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.

debian/thunar-volman.xml has all the default settings for auto-mounting if that's what you mean.
May 10 2019, 2:43 AM · Whonix-Host, Whonix

May 9 2019

madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.

May 9 2019, 7:24 PM · Whonix-Host, Whonix
Patrick changed the status of T902: disable removable drives auto-mounting - XFCE only from Open to Review.

Debian buster package thunar-volman (thunar-volman-0.9.1) contains a file debian/thunar-volman.xml

May 9 2019, 3:31 AM · Whonix-Host, Whonix
Patrick updated subscribers of T902: disable removable drives auto-mounting - XFCE only.
May 9 2019, 3:21 AM · Whonix-Host, Whonix

May 8 2019

madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

Automounting can be configured in /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/thunar-volman.conf

May 8 2019, 10:27 PM · Whonix-Host, Whonix

Apr 23 2019

Patrick updated the task description for T909: instructions how to copy Whonix Host image to disk.
Apr 23 2019, 3:45 PM · user documentation, Whonix, Whonix-Host
Patrick triaged T910: amnesia testing of Whonix-Host in Live mode as Normal priority.
Apr 23 2019, 3:29 PM · Whonix-Host, Whonix
Patrick triaged T909: instructions how to copy Whonix Host image to disk as Normal priority.
Apr 23 2019, 2:38 PM · user documentation, Whonix, Whonix-Host
Patrick triaged T908: copy Whonix VM images to Whonix-Host and set up during build as Normal priority.
Apr 23 2019, 1:41 PM · build, VirtualBox, Whonix, Whonix-Host
Patrick updated the task description for T906: encrypt Whonix-Host disk after first boot.
Apr 23 2019, 1:20 PM · Whonix-Host, Whonix
Patrick renamed T907: resize disk image at first boot of Whonix Host from resize disk image at first boot to resize disk image at first boot of Whonix Host.
Apr 23 2019, 12:54 PM · Whonix-Host, Whonix
Patrick triaged T906: encrypt Whonix-Host disk after first boot as Normal priority.
Apr 23 2019, 12:47 PM · Whonix-Host, Whonix
Patrick updated the task description for T905: emergency shutdown on USB removal.
Apr 23 2019, 12:40 PM · Whonix-Host, Whonix
Patrick updated the task description for T905: emergency shutdown on USB removal.
Apr 23 2019, 12:39 PM · Whonix-Host, Whonix
Patrick updated the task description for T552: Packaging USBKill.
Apr 23 2019, 12:39 PM · Whonix-Host, security, Whonix
Patrick updated the task description for T552: Packaging USBKill.
Apr 23 2019, 12:38 PM · Whonix-Host, security, Whonix
Patrick closed T485: whonix-host-qemu-kvm package has an unmet dependency. Depends: whonix-host-shared but is not installable as Invalid.

No such package anymore.

Apr 23 2019, 12:36 PM · anon-meta-packages, Whonix, Whonix-Host
Patrick triaged T905: emergency shutdown on USB removal as Normal priority.
Apr 23 2019, 12:31 PM · Whonix-Host, Whonix
Patrick triaged T904: make sure there is no swap by default as Normal priority.
Apr 23 2019, 12:30 PM · Whonix-Host, Whonix
Patrick triaged T903: find new name for Hardened Debian and rename it as Normal priority.
Apr 23 2019, 12:25 PM · Whonix, Whonix-Host
Patrick triaged T902: disable removable drives auto-mounting - XFCE only as Normal priority.
Apr 23 2019, 12:24 PM · Whonix-Host, Whonix
Patrick triaged T901: package and test wiperam for Debian as Normal priority.
Apr 23 2019, 12:22 PM · Whonix-Host, Whonix

Mar 1 2018

HulaHoop added a comment to T550: Clock Drift Detection.

NB for the record: with qemu-ga a guest can still shut itself off via crafted input to the agent. So besides removing timer access to the guest, there was no other advantage to removing ACPI.

Mar 1 2018, 6:13 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Actually we don't have to suspend the guest. Execution of any command on the host after resume is enough to create a unique event in the qemu-ga's log file.

Mar 1 2018, 4:34 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The proper and direct way to use virsh to communicate with guest agent:

Mar 1 2018, 12:53 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The YAJL parser used in libvirt is tiny, modern (written in 2007) and has no CVEs. It is a SAX-type event-driven parser, unlike the vulnerable top-down recursive descent type that was used in QEMU.

Mar 1 2018, 12:03 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 28 2018

HulaHoop added a comment to T550: Clock Drift Detection.

https://wiki.libvirt.org/page/Qemu_guest_agent

Feb 28 2018, 11:39 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

It turns out the QEMU guest agent warning was not relevant to those who use libvirt. With libvirt a safe parser is used. Breakouts can only happen if a process on the host is designed to parse guest input, because there is no way to control that; otherwise it should be safe for our uses. This potentially simplifies the design in many respects, but a host package will still be needed. I will update the task list.

Feb 28 2018, 8:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

https://www.redhat.com/archives/libvirt-users/2018-February/msg00083.html
[libvirt-users] QEMU guest-agent safety in hostile VM?

Feb 28 2018, 7:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 14 2018

HulaHoop added a comment to T550: Clock Drift Detection.

Yes, there are fewer moving parts, especially when multiple WSs share a GW. Some way to exempt timesync traffic from the WS would be needed though.

Feb 14 2018, 1:12 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 12 2018

Patrick added a comment to T550: Clock Drift Detection.

HulaHoop (HulaHoop) added a comment:

> With qemu-ga code the whole clock drift detection code becomes redundant. If a suspend event is triggered the GW should assume clocks are out of sync and trigger lockdown.

Feb 12 2018, 11:01 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

With qemu-ga code the hwclock drift detection code becomes redundant. If a suspend event is triggered the GW should assume clocks are out of sync and trigger lockdown.

Feb 12 2018, 5:23 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Oops, didn't realize ntpdate requires a query of remote servers. ntpdate is obsolete anyhow, but the newer clockdiff still talks to online servers instead of comparing local values. hwclock can give us that:

Feb 12 2018, 4:52 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a comment to T550: Clock Drift Detection.

It's a very good rehash!

Feb 12 2018, 10:43 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 11 2018

HulaHoop added a comment to T550: Clock Drift Detection.

@Patrick I wrote a rehash. If you think it is too complicated, let me know. It was the simplest and most reliable way I could think of:

Feb 11 2018, 6:09 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 4 2018

Patrick added a comment to T550: Clock Drift Detection.

Didn't rehash. What's next here? Looks like we learned a lot, but then things stalled. Could you please rehash, and then create a follow-up ticket with the way forward? @HulaHoop

Feb 4 2018, 4:17 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Sep 23 2016

marmarek added a comment to T553: Emergency Crash Script to Protect Host FDE.

On Qubes it results in kernel message: sysrq: SysRq : This sysrq operation is disabled.
Default value of /proc/sys/kernel/sysrq on Qubes dom0 is 16. Changing to 1 does not work either:

[1363616.422789] sysrq: SysRq : Power Off
[1363616.423456] xenbus: xenbus_dev_shutdown: backend/console/1069/0: Initialising != Connected, skipping
[1363621.427069] xenbus: xenbus_dev_shutdown: backend/vbd/1069/51760 timeout closing device
[1363626.430065] xenbus: xenbus_dev_shutdown: backend/vbd/1069/51744 timeout closing device
[1363631.434062] xenbus: xenbus_dev_shutdown: backend/vbd/1069/51728 timeout closing device
[1363636.437593] xenbus: xenbus_dev_shutdown: backend/vbd/1069/51712 timeout closing device
[1363636.437595] xenbus: xenbus_dev_shutdown: backend/console/1068/0: Initialising != Connected, skipping
[1363641.441056] xenbus: xenbus_dev_shutdown: backend/vbd/1068/51760 timeout closing device
[1363646.443064] xenbus: xenbus_dev_shutdown: backend/vbd/1068/51744 timeout closing device
[1363651.446038] xenbus: xenbus_dev_shutdown: backend/vbd/1068/51728 timeout closing device
[1363656.447016] xenbus: xenbus_dev_shutdown: backend/vbd/1068/51712 timeout closing device
[1363656.447016] xenbus: xenbus_dev_shutdown: backend/console/1067/0: Initialising != Connected, skipping
[1363661.448050] xenbus: xenbus_dev_shutdown: backend/vbd/1067/51760 timeout closing device
[1363666.451077] xenbus: xenbus_dev_shutdown: backend/vbd/1067/51744 timeout closing device
[1363671.454069] xenbus: xenbus_dev_shutdown: backend/vbd/1067/51728 timeout closing device
[1363676.457060] xenbus: xenbus_dev_shutdown: backend/vbd/1067/51712 timeout closing device
[1363676.457118] xenbus: xenbus_dev_shutdown: backend/console/711/0: Initialising != Connected, skipping
[1363681.460065] xenbus: xenbus_dev_shutdown: backend/vbd/711/51760 timeout closing device

And finally shutdown after timing out for every VM - 20s per VM. Not good, at least.
Sysrq-c makes dom0 frozen for some time (5s?) and then reboots. Also after changing sysctl setting.

Sep 23 2016, 9:43 PM · user documentation, Whonix 14, Whonix, Whonix-Host
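As an added check, not part of the ticket or of any Whonix code: a POSIX shell script that decodes the kernel.sysrq bitmask marmarek refers to (16 on Qubes dom0 by default) using the bit assignments from the kernel's admin-guide sysrq documentation, and reports whether the SysRq-o power-off used by the emergency crash script would be honoured on a Linux host. The function names are my own.

```shell
# Decode the kernel.sysrq bitmask (/proc/sys/kernel/sysrq) and report whether
# the reboot/poweroff group, which gates SysRq-o, is enabled. Bit values are
# those from the kernel's admin-guide/sysrq.rst: 1 = every function,
# 2 = console loglevel, 4 = keyboard (SAK, unraw), 8 = debugging dumps (also
# gates SysRq-c crash), 16 = sync filesystems, 32 = remount read-only,
# 64 = signal processes, 128 = reboot/poweroff, 256 = renice realtime tasks.
# 0 disables SysRq entirely.

# sysrq_poweroff_enabled MASK  ->  exit 0 if SysRq-o would be honoured
sysrq_poweroff_enabled() {
    mask="$1"
    if [ "$mask" -eq 1 ]; then
        return 0            # 1 is the special "everything on" value
    fi
    [ $(( mask & 128 )) -ne 0 ]
}

# sysrq_describe MASK  ->  print the enabled groups, one per line
sysrq_describe() {
    mask="$1"
    if [ "$mask" -eq 1 ]; then
        echo all
        return 0
    fi
    for pair in 2:loglevel 4:keyboard 8:debug-dumps 16:sync 32:remount-ro \
                64:signal-processes 128:reboot-poweroff 256:renice-rt; do
        bit=${pair%%:*}
        name=${pair#*:}
        if [ $(( mask & bit )) -ne 0 ]; then
            echo "$name"
        fi
    done
    return 0
}

# audit_sysrq  ->  read the live value (0 when procfs is unavailable) and say
# whether the emergency power-off key combination would work on this host
audit_sysrq() {
    if [ -r /proc/sys/kernel/sysrq ]; then
        current=$(cat /proc/sys/kernel/sysrq)
    else
        current=0
    fi
    echo "kernel.sysrq = $current"
    sysrq_describe "$current"
    if sysrq_poweroff_enabled "$current"; then
        echo "SysRq-o (power off) is enabled"
    else
        echo "SysRq-o (power off) is disabled: set kernel.sysrq to 1 or add bit 128"
    fi
}
```

Run `audit_sysrq` on the host to be checked; on a Qubes dom0 with the default value it reports only the sync group, matching the "This sysrq operation is disabled" message above.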
HulaHoop closed T553: Emergency Crash Script to Protect Host FDE as Resolved.
Sep 23 2016, 8:43 PM · user documentation, Whonix 14, Whonix, Whonix-Host
HulaHoop added a comment to T553: Emergency Crash Script to Protect Host FDE.

Tested working without sysctl changes on Linux baremetal. Not supported on Xen.

Sep 23 2016, 8:43 PM · user documentation, Whonix 14, Whonix, Whonix-Host

Sep 21 2016

Patrick added projects to T553: Emergency Crash Script to Protect Host FDE: Whonix 14, user documentation.
Sep 21 2016, 1:58 AM · user documentation, Whonix 14, Whonix, Whonix-Host

Sep 20 2016

HulaHoop reopened T553: Emergency Crash Script to Protect Host FDE as "Review".

Apparently this feature is enabled on Debian hosts by default (so no package needed). Please test the key combination to confirm so I can document it.

Sep 20 2016, 4:29 AM · user documentation, Whonix 14, Whonix, Whonix-Host

Sep 2 2016

HulaHoop added a comment to T550: Clock Drift Detection.

These KDE menus are disabled by Whonix. In plain Debian VMs these should be visible.

Sep 2 2016, 4:13 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix