[Whonix-devel] Qubes-Whonix Security Disadvantages - Help Wanted!

Patrick Schleizer patrick-mailinglists at whonix.org
Wed Dec 4 07:54:11 CET 2019


kloak - Anti Keystroke Deanonymization

- https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak
- https://www.whonix.org/wiki/Keystroke_Deanonymization

* Already installed by default in Non-Qubes-Whonix for a long time.
* Not on the horizon for Qubes-Whonix. Qubes VM kernel non-default issue.
* Qubes issue: https://github.com/QubesOS/qubes-issues/issues/2558

----

Linux Kernel Runtime Guard (LKRG)

- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG

* Soon to be installed by default in Non-Qubes-Whonix.
* Not soon to be installed in Qubes-Whonix by default because Qubes is
not using Qubes VM kernel by default yet.
* Qubes issues:
  * https://github.com/QubesOS/qubes-issues/issues/5461
  * https://github.com/QubesOS/qubes-issues/issues/1850
  * https://github.com/QubesOS/qubes-issues/issues/5212

----

tirdad - TCP ISN CPU Information Leak Protection

- https://github.com/Whonix/tirdad

* Soon to be installed by default in Non-Qubes-Whonix.
* Not soon to be installed in Qubes-Whonix by default because Qubes is
not using Qubes VM kernel by default yet.
* Qubes issue: https://github.com/QubesOS/qubes-issues/issues/5212

----

Kernel Hardening through Kernel Boot Parameters

-
https://github.com/Whonix/security-misc/blob/master/etc/default/grub.d/40_kernel_hardening.cfg

* Already installed by default in Non-Qubes-Whonix for a long time.
* Not on the horizon for Qubes-Whonix. Qubes VM kernel non-default issue.
* Qubes issue: https://github.com/QubesOS/qubes-issues/issues/5212

----

Strong Linux User Account Separation / Protection against Bruteforcing
Linux User Account Passwords

- https://github.com/Whonix/security-misc
-
https://www.whonix.org/wiki/Dev/Permissions#Bruteforcing_Linux_User_Account_Passwords

* Already default in Non-Qubes-Whonix.
* Might be fixeable in Qubes-Whonix
  *
https://forums.whonix.org/t/qubes-sudo-su-root-hardening-development-discussion/8561
* Qubes issues:
  * https://github.com/QubesOS/qubes-core-agent-linux/pull/171
  * https://github.com/QubesOS/qubes-issues/issues/2695
  * https://github.com/QubesOS/qubes-issues/issues/1885

----

Please help fixing these issues!

-----

This was originally posted here:

https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581

https://twitter.com/Whonix/status/1201050814900588544


More information about the Whonix-devel mailing list