Qubes-Whonix Security Enhancements - GSoC


Harry S

Mar 15, 2020, 6:58:21 PM
to qubes-devel
Greetings to all,

As per the pre-existing (although differently named) thread on Qubes-Whonix security disadvantages and seeing that Whonix didn't get a slot as an organisation for GSoC 2020 I would like to propose as an idea the implementation of security enhancements existing in non-Qubes Whonix, but not in Qubes-Whonix.
The scope of this effort is not GSoC per se, but as a daily Qubes-Whonix user (one who gets very frustrated over how the upgrades work *cough*) these are things that I would like to see in my system, kloak and tirdad being at the forefront of my agenda.

To answer the questions before they arrive, yes I have installed Qubes and have built my own templates (with an extreme frustration and time focused on the Arch template on R4.x), I am aware of the development practices and consider myself a mediocre to capable Qubes Administrator. I have done informative sessions about the project on the hackerspace.gr and I run thy Qubes through i3wm (config, dynamic keyboard layout changing) in a crusty HEADs powered thinkpad.

So, the questions at hand are the following:
- Is there interest for such a project to see the light of day through the SoC?
- Are there any interested mentors to bear with me? I would like Patrick Schleizer or Marek to mentor (both?) because of the scope of the enhancements.

I have participated in GSoC before and have done my whole development process "Qubes-native".

Please jump in and offer your opinion. Arch template is another thing I would like to see stabilizing; the above proposal concerns what I think is more urgent from my user perspective. In any case I'll draft a proposal and try to have some prototype set by the end of the week (tough schedule).

Regards,
Harry

PS: Frédéric, the install script for i3 is how I manage my in-VM configuration. Split-GNU Stow too good to be true?

Marek Marczykowski-Górecki

Mar 15, 2020, 7:25:33 PM
to Harry S, qubes-devel, Patrick Schleizer

On Sun, Mar 15, 2020 at 03:58:21PM -0700, Harry S wrote:
> Greetings to all,
>
> As per the pre-existing (although differently named) thread on Qubes-Whonix
> security disadvantages
> <https://groups.google.com/forum/#!topic/qubes-devel/mzjxhPsO1Xo> and
> seeing that Whonix didn't get a slot as an organisation for GSoC 2020 I
> would like to propose as an idea the implementation of security
> enhancements existing in non-Qubes Whonix, but not in Qubes-Whonix.
> The scope of this effort is not GSoC per se, but as a daily Qubes-Whonix
> user (one who gets very frustrated over how the upgrades work *cough*)
> these are things that I would like to see in my system, kloak and tirdad
> being at the forefront of my agenda.

Sounds like a very good project idea!

> To answer the questions before they arrive, yes I have installed Qubes and
> have built my own templates (with an extreme frustration and time focused
> on the Arch template on R4.x), I am aware of the development practices and
> consider myself a mediocre to capable Qubes Administrator. I have done
> informative sessions about the project on the hackerspace.gr and I run thy
> Qubes through i3wm (config
> <https://github.com/luserx0/dotfiles/blob/master/config/i3/config_qubes>,
> dynamic keyboard layout changing
> <https://github.com/luserx0/dotfiles/blob/master/config/i3/modular/i3-xkb-change-layout>)
> in a crusty HEADs powered thinkpad.
>
> So, the questions at hand are the following:
> - Is there interest for such a project to see the light of day through the
> SoC?

Yes, definitely.

> - Are there any interested mentors to bear with me? I would like Patrick
> Schleizer or Marek to mentor (both?) because of the scope of the
> enhancements.

Adding Patrick.
I would be open to mentor for this project as well.

> I have participated in GSoC before
> <https://blog.freifunk.net/2019/08/26/bmx7-wireguard-tunneling-final-report/>
> and have done my whole development process "Qubes-native".
>
> Please jump in and offer your opinion. Arch template is another thing I
> would like to see stabilizing; the above proposal concerns what I think is
> more urgent from my user perspective. In any case I'll draft a proposal and
> try to have some prototype set by the end of the week (tough schedule).
>
> Regards,
> Harry
>
> PS: Frédéric, the install script for i3 is how I manage my in-VM
> configuration. Split-GNU Stow too good to be true?
>


--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

Patrick Schleizer

Mar 16, 2020, 8:54:16 AM
to qubes...@googlegroups.com, Whonix-devel
This is great. Yes, please work on this.

https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581
was updated just today.

You might want to clarify the scope (explicitly naming which issues
you'd be working on) as this could be a quite big project.

Marek Marczykowski-Górecki:
> On Sun, Mar 15, 2020 at 03:58:21PM -0700, Harry S wrote:
>> - Are there any interested mentors to bear with me? I would like Patrick
>> Schleizer or Marek to mentor (both?) because of the scope of the
>> enhancements.
>
> Adding Patrick.
> I would be open to mentor for this project as well.


Many of these issues are Qubes specific issues that I couldn't be
solving myself such as
https://github.com/QubesOS/qubes-issues/issues/2558 - in that case I
can't help much.

Though, I can help in my usual capability as far as Whonix integration
is concerned. (See my usual online activity.)

Cheers,
Patrick

Harry S

Mar 16, 2020, 9:58:55 AM
to qubes-devel
Thank you for the fast replies.

As mentioned Patrick, kloak and tirdad are prime in the agenda. As I see the in-Kernel VM issue (which recently got a lot of traffic) is blocking progress. The parts of security-misc also make a lot of sense and I would like to see them happening too. LKRG I don't understand that much and maybe is out of scope given the restrictive timeline we'll have and the blocking 52xx issue.

Other things I would like to see and I think belong to the scope of this project are:
- https://github.com/QubesOS/qubes-issues/issues/2350 -- An application firewall like the one on Subgraph (rip)
- https://github.com/QubesOS/qubes-issues/issues/2724 -- Disabling the speaker output on Whonix (if relevant)
- Hidden service repos by default
- I know that Qubes/Whonix can run in a dedicated i2p mode which allows it to only build i2p connections. Creating by default such a template I would like to experiment on because of an idea of xmpp solely over i2p
- https://github.com/NateBrune/silk-guardian -- And a personal favorite (which should *already* be in security-misc)

There are a lot of ideas and all have a way of implementation. Sanitizers could be integrated as well.
The timeline cannot be calculated precisely as blocking issues and calculated hacks have to take place; if we establish the scope though I think the timeline will follow along. Here is why I proposed you two as mentors; your experience and expertise is needed to calculate and judge the situation.

Harry

PS: In other very interesting news, better security could flow through a combination.
