Qubes-Whonix Security Disadvantages - Help Wanted!
84 views
Skip to first unread message
Patrick Schleizer
Dec 4, 2019, 1:53:25 AM12/4/19
to qubes...@googlegroups.com, Whonix-devel
kloak - Anti Keystroke Deanonymization
- https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak
- https://www.whonix.org/wiki/Keystroke_Deanonymization
* Already installed by default in Non-Qubes-Whonix for a long time.
* Not on the horizon for Qubes-Whonix. Qubes VM kernel non-default issue.
* Qubes issue: https://github.com/QubesOS/qubes-issues/issues/2558
----
Linux Kernel Runtime Guard (LKRG)
- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG
* Soon to be installed by default in Non-Qubes-Whonix.
* Not soon to be installed in Qubes-Whonix by default because Qubes is
not using Qubes VM kernel by default yet.
* Qubes issues:
* https://github.com/QubesOS/qubes-issues/issues/5461
* https://github.com/QubesOS/qubes-issues/issues/1850
* https://github.com/QubesOS/qubes-issues/issues/5212
----
tirdad - TCP ISN CPU Information Leak Protection
- https://github.com/Whonix/tirdad
* Soon to be installed by default in Non-Qubes-Whonix.
* Not soon to be installed in Qubes-Whonix by default because Qubes is
not using Qubes VM kernel by default yet.
* Qubes issue: https://github.com/QubesOS/qubes-issues/issues/5212
----
Kernel Hardening through Kernel Boot Parameters
-
https://github.com/Whonix/security-misc/blob/master/etc/default/grub.d/40_kernel_hardening.cfg
* Already installed by default in Non-Qubes-Whonix for a long time.
* Not on the horizon for Qubes-Whonix. Qubes VM kernel non-default issue.
* Qubes issue: https://github.com/QubesOS/qubes-issues/issues/5212
----
Strong Linux User Account Separation / Protection against Bruteforcing
Linux User Account Passwords
- https://github.com/Whonix/security-misc
-
https://www.whonix.org/wiki/Dev/Permissions#Bruteforcing_Linux_User_Account_Passwords
* Already default in Non-Qubes-Whonix.
* Might be fixeable in Qubes-Whonix
*
https://forums.whonix.org/t/qubes-sudo-su-root-hardening-development-discussion/8561
* Qubes issues:
* https://github.com/QubesOS/qubes-core-agent-linux/pull/171
* https://github.com/QubesOS/qubes-issues/issues/2695
* https://github.com/QubesOS/qubes-issues/issues/1885
----
Please help fixing these issues!
-----
This was originally posted here:
https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581
https://twitter.com/Whonix/status/1201050814900588544
- https://www.whonix.org/wiki/Keystroke_Deanonymization#Kloak
- https://www.whonix.org/wiki/Keystroke_Deanonymization
* Already installed by default in Non-Qubes-Whonix for a long time.
* Not on the horizon for Qubes-Whonix. Qubes VM kernel non-default issue.
* Qubes issue: https://github.com/QubesOS/qubes-issues/issues/2558
----
Linux Kernel Runtime Guard (LKRG)
- https://www.whonix.org/wiki/Linux_Kernel_Runtime_Guard_LKRG
* Soon to be installed by default in Non-Qubes-Whonix.
* Not soon to be installed in Qubes-Whonix by default because Qubes is
not using Qubes VM kernel by default yet.
* Qubes issues:
* https://github.com/QubesOS/qubes-issues/issues/5461
* https://github.com/QubesOS/qubes-issues/issues/1850
* https://github.com/QubesOS/qubes-issues/issues/5212
----
tirdad - TCP ISN CPU Information Leak Protection
- https://github.com/Whonix/tirdad
* Soon to be installed by default in Non-Qubes-Whonix.
* Not soon to be installed in Qubes-Whonix by default because Qubes is
not using Qubes VM kernel by default yet.
* Qubes issue: https://github.com/QubesOS/qubes-issues/issues/5212
----
Kernel Hardening through Kernel Boot Parameters
-
https://github.com/Whonix/security-misc/blob/master/etc/default/grub.d/40_kernel_hardening.cfg
* Already installed by default in Non-Qubes-Whonix for a long time.
* Not on the horizon for Qubes-Whonix. Qubes VM kernel non-default issue.
* Qubes issue: https://github.com/QubesOS/qubes-issues/issues/5212
----
Strong Linux User Account Separation / Protection against Bruteforcing
Linux User Account Passwords
- https://github.com/Whonix/security-misc
-
https://www.whonix.org/wiki/Dev/Permissions#Bruteforcing_Linux_User_Account_Passwords
* Already default in Non-Qubes-Whonix.
* Might be fixeable in Qubes-Whonix
*
https://forums.whonix.org/t/qubes-sudo-su-root-hardening-development-discussion/8561
* Qubes issues:
* https://github.com/QubesOS/qubes-core-agent-linux/pull/171
* https://github.com/QubesOS/qubes-issues/issues/2695
* https://github.com/QubesOS/qubes-issues/issues/1885
----
Please help fixing these issues!
-----
This was originally posted here:
https://forums.whonix.org/t/qubes-whonix-security-disadvantages-help-wanted/8581
https://twitter.com/Whonix/status/1201050814900588544
Reply all
Reply to author
Forward
0 new messages