Page MenuHomePhabricator

Whonix-HostProject
ActivePublic

Members (1)

Watchers

  • This project does not have any watchers.

Details

Description

Whonix Host Additions / Whonix Host Operating System

Recent Activity

Thu, May 16

Patrick added a comment to T904: make sure there is no swap by default.

madaidan (madaidan):

madaidan added a comment.

> We need to re-check this for Whonix Host. Since it gets installed using calamares (which handles partitioning) there could be an unwanted swap partition.

I can test it for that too. Where do I download it?
Thu, May 16, 12:16 PM · Whonix, Whonix-Host

Sun, May 12

madaidan added a comment to T904: make sure there is no swap by default.

We need to re-check this for Whonix Host. Since it gets installed using calamares (which handles partitioning) there could be an unwanted swap partition.

Sun, May 12, 2:34 PM · Whonix, Whonix-Host
Patrick added a comment to T904: make sure there is no swap by default.

Thanks for testing! Would have been surprising if there was.

Sun, May 12, 12:53 PM · Whonix, Whonix-Host

Fri, May 10

madaidan added a comment to T904: make sure there is no swap by default.

There is none. You can run swapon -s or cat /proc/swaps to verify.

Fri, May 10, 5:55 PM · Whonix, Whonix-Host
madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

No, I mean the upstream repository thunar-volman by XFCE developers.

Fri, May 10, 5:47 PM · Whonix-Host, Whonix
Patrick added a comment to T902: disable removable drives auto-mounting - XFCE only.

madaidan (madaidan):

madaidan added a comment.

> Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.

debian/thunar-volman.xml has all the default settings for auto-mounting if that's what you mean.
Fri, May 10, 2:43 AM · Whonix-Host, Whonix

Thu, May 9

madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

Can you see from thunar-volman source code where defaults are configured? Would be good to watch for future versions.

Thu, May 9, 7:24 PM · Whonix-Host, Whonix
Patrick changed the status of T902: disable removable drives auto-mounting - XFCE only from Open to Review.

Debian buster package thunar-volman (thunar-volman-0.9.1) contains a file debian/thunar-volman.xml

Thu, May 9, 3:31 AM · Whonix-Host, Whonix
Patrick updated subscribers of T902: disable removable drives auto-mounting - XFCE only.
Thu, May 9, 3:21 AM · Whonix-Host, Whonix

Wed, May 8

madaidan added a comment to T902: disable removable drives auto-mounting - XFCE only.

Automounting can be configured in /etc/xdg/xfce4/xfconf/xfce-perchannel-xml/thunar-volman.conf

Wed, May 8, 10:27 PM · Whonix-Host, Whonix

Tue, Apr 23

Patrick updated the task description for T909: instructions how to copy Whonix Host image to disk.
Tue, Apr 23, 3:45 PM · user documentation, Whonix-Host, Whonix
Patrick triaged T910: amnesia testing of Whonix-Host in Live mode as Normal priority.
Tue, Apr 23, 3:29 PM · Whonix, Whonix-Host
Patrick triaged T909: instructions how to copy Whonix Host image to disk as Normal priority.
Tue, Apr 23, 2:38 PM · user documentation, Whonix-Host, Whonix
Patrick triaged T908: copy Whonix VM images to Whonix-Host and set up during build as Normal priority.
Tue, Apr 23, 1:41 PM · build, VirtualBox, Whonix, Whonix-Host
Patrick updated the task description for T906: encrypt Whonix-Host disk after first boot.
Tue, Apr 23, 1:20 PM · Whonix, Whonix-Host
Patrick renamed T907: resize disk image at first boot of Whonix Host from resize disk image at first boot to resize disk image at first boot of Whonix Host.
Tue, Apr 23, 12:54 PM · Whonix-Host, Whonix
Patrick triaged T906: encrypt Whonix-Host disk after first boot as Normal priority.
Tue, Apr 23, 12:47 PM · Whonix, Whonix-Host
Patrick updated the task description for T905: emergency shutdown on USB removal.
Tue, Apr 23, 12:40 PM · Whonix-Host, Whonix
Patrick updated the task description for T905: emergency shutdown on USB removal.
Tue, Apr 23, 12:39 PM · Whonix-Host, Whonix
Patrick updated the task description for T552: Packaging USBKill.
Tue, Apr 23, 12:39 PM · Whonix-Host, security, Whonix
Patrick updated the task description for T552: Packaging USBKill.
Tue, Apr 23, 12:38 PM · Whonix-Host, security, Whonix
Patrick closed T485: whonix-host-qemu-kvm package has an unmet dependency. Depends: whonix-host-shared but is not installable as Invalid.

No such package anymore.

Tue, Apr 23, 12:36 PM · anon-meta-packages, Whonix, Whonix-Host
Patrick triaged T905: emergency shutdown on USB removal as Normal priority.
Tue, Apr 23, 12:31 PM · Whonix-Host, Whonix
Patrick triaged T904: make sure there is no swap by default as Normal priority.
Tue, Apr 23, 12:30 PM · Whonix, Whonix-Host
Patrick triaged T903: find new name for Hardened Debian and rename it as Normal priority.
Tue, Apr 23, 12:25 PM · Whonix-Host, Whonix
Patrick triaged T902: disable removable drives auto-mounting - XFCE only as Normal priority.
Tue, Apr 23, 12:24 PM · Whonix-Host, Whonix
Patrick triaged T901: package and test wiperam for Debian as Normal priority.
Tue, Apr 23, 12:22 PM · Whonix-Host, Whonix

Mar 1 2018

HulaHoop added a comment to T550: Clock Drift Detection.

NB for the record: with qemu-ga a guest can still shut itself off via crafted input to the agent. So besides removing timer access to the guest, there was no other advantage to removing ACPI.

Mar 1 2018, 6:13 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Actually we don't have to suspend the guest. Execution of any command on the host after resume is enough to create a uniqu event in the qemu-ga's log file.

Mar 1 2018, 4:34 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The proper and direct way to use virsh to communicate with guest agent:

Mar 1 2018, 12:53 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

The YAJL parser used in libvirt is tiny, modern (written in2007) and has no CVEs. It is an SAX type event-driven parser unlike the vulnerable, top-down recursive descent type that was used in QEMU.

Mar 1 2018, 12:03 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 28 2018

HulaHoop added a comment to T550: Clock Drift Detection.

https://wiki.libvirt.org/page/Qemu_guest_agent

Feb 28 2018, 11:39 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

It turns out the QEMU guest agent warning was not relevant to those who use libvirt. With libvirt a safe parser is used. Breakouts can only happen if a process on the host is designed to parse guest input because there is no way to control that otherwise it should be safe for our uses. This potentially simplifies the design in many respects but a host package will still be needed. I will update the task list.

Feb 28 2018, 8:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

https://www.redhat.com/archives/libvirt-users/2018-February/msg00083.html
[libvirt-users] QEMU guest-agent safety in hostile VM?

Feb 28 2018, 7:40 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 14 2018

HulaHoop added a comment to T550: Clock Drift Detection.

Yes there are less moving parts especially when multiple WSs share a GW. Some way to exempt timesync traffic from the WS would be needed though.

Feb 14 2018, 1:12 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 12 2018

Patrick added a comment to T550: Clock Drift Detection.

HulaHoop (HulaHoop):

HulaHoop added a comment.

With qemu-ga code the whole clock drift detection code becomes redundant. If a
suspend event is triggered the GW should assume clocks are out of sync and
trigger lockdown.

Feb 12 2018, 11:01 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

With qemu-ga code the hwclock drift detection code becomes redundant. If a suspend event is triggered the GW should assume clocks are out of sync and trigger lockdown.

Feb 12 2018, 5:23 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop added a comment to T550: Clock Drift Detection.

Oops didn't realize ntpdate requires query of remote servers. ntpdate is obsolete anyhow but the newer clockdiff still talks to online servers instead of comparing local values. hwclock can give us that:

Feb 12 2018, 4:52 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a comment to T550: Clock Drift Detection.

It's a very good rehash!

Feb 12 2018, 10:43 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 11 2018

HulaHoop added a comment to T550: Clock Drift Detection.

@Patrick I wrote a rehash. If you think is too complicated, let me know. It was the simplest and most reliable way I could think of:

Feb 11 2018, 6:09 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Feb 4 2018

Patrick added a comment to T550: Clock Drift Detection.

Didn't rehash. What's next here? Looks like we learned a lot, but then things stalled. Could you please rehash, and then create a follow-up ticket with the way forward? @HulaHoop

Feb 4 2018, 4:17 PM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix

Sep 23 2016

marmarek added a comment to T553: Emergency Crash Script to Protect Host FDE.

On Qubes it results in kernel message: sysrq: SysRq : This sysrq operation is disabled.
Default value of /proc/sys/kernel/sysrq on Qubes dom0 is 16. Changing to 1 does not work either:

[1363616.422789] sysrq: SysRq : Power Off
[1363616.423456] xenbus: xenbus_dev_shutdown: backend/console/1069/0: Initialising != Connected, skipping
[1363621.427069] xenbus: xenbus_dev_shutdown: backend/vbd/1069/51760 timeout closing device
[1363626.430065] xenbus: xenbus_dev_shutdown: backend/vbd/1069/51744 timeout closing device
[1363631.434062] xenbus: xenbus_dev_shutdown: backend/vbd/1069/51728 timeout closing device
[1363636.437593] xenbus: xenbus_dev_shutdown: backend/vbd/1069/51712 timeout closing device
[1363636.437595] xenbus: xenbus_dev_shutdown: backend/console/1068/0: Initialising != Connected, skipping
[1363641.441056] xenbus: xenbus_dev_shutdown: backend/vbd/1068/51760 timeout closing device
[1363646.443064] xenbus: xenbus_dev_shutdown: backend/vbd/1068/51744 timeout closing device
[1363651.446038] xenbus: xenbus_dev_shutdown: backend/vbd/1068/51728 timeout closing device
[1363656.447016] xenbus: xenbus_dev_shutdown: backend/vbd/1068/51712 timeout closing device
[1363656.447016] xenbus: xenbus_dev_shutdown: backend/console/1067/0: Initialising != Connected, skipping
[1363661.448050] xenbus: xenbus_dev_shutdown: backend/vbd/1067/51760 timeout closing device
[1363666.451077] xenbus: xenbus_dev_shutdown: backend/vbd/1067/51744 timeout closing device
[1363671.454069] xenbus: xenbus_dev_shutdown: backend/vbd/1067/51728 timeout closing device
[1363676.457060] xenbus: xenbus_dev_shutdown: backend/vbd/1067/51712 timeout closing device
[1363676.457118] xenbus: xenbus_dev_shutdown: backend/console/711/0: Initialising != Connected, skipping
[1363681.460065] xenbus: xenbus_dev_shutdown: backend/vbd/711/51760 timeout closing device

And finally shutdown after timing out for every VM - 20s per VM. Not good, at least.
Sysrq-c makes dom0 frozen for some time (5s?) and then reboots. Also after changing sysctl setting.

Sep 23 2016, 9:43 PM · user documentation, Whonix 14, Whonix, Whonix-Host
HulaHoop closed T553: Emergency Crash Script to Protect Host FDE as Resolved.
Sep 23 2016, 8:43 PM · user documentation, Whonix 14, Whonix, Whonix-Host
HulaHoop added a comment to T553: Emergency Crash Script to Protect Host FDE.

Tested working without sysctl changes on Linux baremetal. Not supported on Xen.

Sep 23 2016, 8:43 PM · user documentation, Whonix 14, Whonix, Whonix-Host

Sep 21 2016

Patrick added projects to T553: Emergency Crash Script to Protect Host FDE: Whonix 14, user documentation.
Sep 21 2016, 1:58 AM · user documentation, Whonix 14, Whonix, Whonix-Host

Sep 20 2016

HulaHoop reopened T553: Emergency Crash Script to Protect Host FDE as "Review".

Apparently this feature is enabled on Debian hosts by default (so no package needed). Please test the key combination to confirm so I can document it.

Sep 20 2016, 4:29 AM · user documentation, Whonix 14, Whonix, Whonix-Host

Sep 2 2016

HulaHoop added a comment to T550: Clock Drift Detection.

These KDE menus are disabled by Whonix. In plain Debian VMs these should

be visible.

Sep 2 2016, 4:13 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
Patrick added a comment to T553: Emergency Crash Script to Protect Host FDE.

Host panic key instructions (or some day a package) would still be
desirable.

Sep 2 2016, 2:03 AM · user documentation, Whonix 14, Whonix, Whonix-Host
Patrick added a comment to T550: Clock Drift Detection.

HulaHoop (HulaHoop):

Tested enabling pm settings in KVM and I don't see suspend/hibernate in the VM power options in the menu.

Sep 2 2016, 2:02 AM · Whonix-Host, VirtualBox, KVM, sdwdate, Whonix
HulaHoop closed T553: Emergency Crash Script to Protect Host FDE as Invalid.
Sep 2 2016, 1:53 AM · user documentation, Whonix 14, Whonix, Whonix-Host