From: chiccofx <chi...@to...> - 2013-05-08 00:43:04
Attachments: signature.asc, 0x188CAACE.asc

Hello Everybody,

I am a new user to Whonix, but an experienced *nix developer. I have read the FAQ about the question related to OpenBSD and security. I want to volunteer myself to address many of those issues. There have been some recent developments on the issues pointed out by the FAQ.

OpenBSD as a Whonix gateway would not only decrease the attack surface, but the VM would require even less RAM than what is used currently. This would improve the overall user experience and allow more RAM to be assigned to the Whonix workstation by default.

Let me know what your thoughts are on this. I am planning to replace my current Debian Whonix gateway with an OpenBSD 5.3 (launched May 1) and see how it performs. Happy to share the result.

Thank you,

--
GPG: 12E9 BCD6 5298 70B5 6C4C 7F1C 8C70 D6ED 188C AACE
From: adrelanos <adr...@ri...> - 2013-05-08 01:39:23
Hi chiccofx!

chiccofx:
> Hello Everybody,
>
> I am a new user to whonix, but an experienced *nix developer. I have
> read the faq about the question related with openbsd and security. I
> want volunteer myself to address many of those issues.

> There have been
> some recent developments on the issues pointed by the faq.

Will they get a secure package manager like apt/rpm?

> Openbsd as a whonix gateway would not only decrease the attack
> surface, but the VM would required even less RAM than what is used
> currently. This would improve the overall user experience and allow
> more RAM to be assigned to the whonix workstation by default.
>
> Let me know what are your thoughts on this. I am planning to replace
> my current debian whonix gateway with an OpenBSD 5.3 (launched May 1)
> and see how it perform. Happy to share the result.

Most interesting. As the FAQ says, I don't regard OpenBSD as very secure myself in the context of Whonix's threat model, especially due to the OpenBSD package manager not passing the TUF threat model, at least not for ordinary users who don't run their own signed OpenBSD repository...

Anyway, other developers can come to different conclusions, that's fine. It's quite interesting to see an alternative implementation of Whonix-Gateway. I will support this effort with questions/answers/comments, perhaps some code changes to prepare Whonix source code better for such ports.

So let's see where this goes. Whether you do this as a one-shot or are interested in merging this (so the builder can just switch an option in build config), we'll see how it develops. If you share code early, it will be easier for me to follow how it develops. Looking forward to it.

Cheers,
adrelanos
From: chiccofx <chi...@to...> - 2013-05-08 02:24:33
Attachments: signature.asc, 0x188CAACE.asc

adrelanos:
> Hi chiccofx!
>
> chiccofx:
>> Hello Everybody,
>>
>> I am a new user to whonix, but an experienced *nix developer. I have
>> read the faq about the question related with openbsd and security. I
>> want volunteer myself to address many of those issues.
>
>> There have been
>> some recent developments on the issues pointed by the faq.
>
> Will they get a secure package manager like apt/rpm?

Unfortunately, as far as I am concerned, no. They still suggest buying the DVDs/CDs, which leave a trace back to the real identity. I have been a user of OpenBSD for hardened firewalling purposes for many years, so there is a level of plausible deniability in my persona acquiring a set of CDs/DVDs.

>
>> Openbsd as a whonix gateway would not only decrease the attack
>> surface, but the VM would required even less RAM than what is used
>> currently. This would improve the overall user experience and allow
>> more RAM to be assigned to the whonix workstation by default.
>>
>> Let me know what are your thoughts on this. I am planning to replace
>> my current debian whonix gateway with an OpenBSD 5.3 (launched May 1)
>> and see how it perform. Happy to share the result.
>
> Most interesting. As the FAQ says, I don't regard OpenBSD as very secure
> myself in context of Whonix's threat model, especially due to the
> OpenBSBD package manager not passing the TUF threat model, at least not
> for ordinary users who don't run their own signed OpenBSD repository...
>

Since you use SourceForge for hosting and since users are already advised to not trust Whonix, we could create an OpenBSD repository, signed initially with my key, and perhaps, in the future, with the Whonix project key.

There cannot be hashes of the packages in the OpenBSD mirrors but there is a hash of the ports file, and some of the ports can be configured to get the source using https, and they do hash checking of the source, so it is secure in this manner (it gets the source from the official place and does check the hashes).

> Anyway, other developers can come to different conclusions, that's fine.
> It's quite interesting to see an alternative implementation of
> Whonix-Gateway. I will support this effort with
> questions/answers/comments, perhaps some code changes to prepare Whonix
> source code better for such ports.
>
> So lets see where this goes. Whether you do this as a one shot or are
> interested in merging this (so the builder can just switch an option in
> build config), we'll see how it develops. If you share codes early, it
> will be easier for me to follow how it develops. Looking forward to it.
>

Will start working on it in my free time as soon as possible. The OpenBSD project officially dropped sendmail in favor of OpenSMTPD. In your FAQ you stated that OpenBSD does not support PIE but, in fact, OpenBSD was one of the first mainstream OSes to support it. OpenBSD has supported complete ASLR with PIE binaries since 2008. Also, it can be run in securelevel, which not only prevents changes to the firewall ruleset but also applies other restrictions, such as not allowing any kind of disk writing, among other things. Also, the tor package/port can be run in a chroot. All this will help to decrease the attack surface. I know that there are many criticisms of some of the security features of OpenBSD, but I have never had one machine compromised, either remotely or locally (using securelevel).

> Cheers,
> adrelanos

Cheers,
chiccofx

--
GPG: 12E9 BCD6 5298 70B5 6C4C 7F1C 8C70 D6ED 188C AACE
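The "hash checking of the source" mentioned above is what the ports tree's distinfo file drives. As an added example, not code from this thread, from Whonix or from the OpenBSD ports tree, this Python checker parses distinfo lines in the OpenBSD format (a base64-encoded SHA256 digest plus a SIZE line per distfile) and verifies a fetched file against them; the filenames and file contents are constructed.

```python
"""Check a fetched distfile against an OpenBSD ports distinfo entry.

Added example (not code from Whonix or the OpenBSD ports tree). OpenBSD's
distinfo files carry one line per check for each distfile:

    SHA256 (<file>) = <base64-encoded SHA-256 digest>
    SIZE (<file>) = <size in bytes>

The filenames, sizes and file contents used below are constructed.
"""
import base64
import hashlib
import re
from typing import Dict, Tuple

Distinfo = Dict[str, Dict[str, str]]

# KEY (filename) = value ; KEY is SHA256 or SIZE, filenames never contain parens.
_LINE = re.compile(r"^(?P<key>SHA256|SIZE) \((?P<name>[^()]+)\) = (?P<value>\S+)$")


def make_distinfo(name: str, data: bytes) -> str:
    """Produce the two distinfo lines for a distfile (digest as base64, the way
    OpenBSD's cksum -b prints it). Used here only to build the sample input."""
    digest = base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")
    return f"SHA256 ({name}) = {digest}\nSIZE ({name}) = {len(data)}\n"


def parse_distinfo(text: str) -> Distinfo:
    """Return {filename: {"SHA256": ..., "SIZE": ...}}. Malformed lines raise
    instead of being skipped, so a corrupted distinfo cannot silently drop a check."""
    entries: Distinfo = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"distinfo line {lineno} malformed: {line!r}")
        entries.setdefault(m["name"], {})[m["key"]] = m["value"]
    return entries


def verify_distfile(name: str, data: bytes, entries: Distinfo) -> Tuple[bool, str]:
    """SIZE is checked first (cheap), then SHA256. Both lines must be present:
    an entry that lacks the digest leaves the file unverified, so it is rejected."""
    info = entries.get(name)
    if info is None:
        return False, f"{name}: no distinfo entry"
    if "SHA256" not in info or "SIZE" not in info:
        return False, f"{name}: distinfo entry incomplete"
    if len(data) != int(info["SIZE"]):
        return False, f"{name}: size {len(data)} != {info['SIZE']}"
    digest = base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")
    if digest != info["SHA256"]:
        return False, f"{name}: SHA256 mismatch"
    return True, f"{name}: OK"


# Constructed sample: a tiny "tarball" with its distinfo lines, plus a second
# distfile whose entry carries only a SIZE line.
SAMPLE_NAME = "example-tool-1.0.tar.gz"
SAMPLE_DATA = b"constructed sample distfile contents\n"
SAMPLE_DISTINFO = make_distinfo(SAMPLE_NAME, SAMPLE_DATA) + "SIZE (sizeonly-2.0.tar.gz) = 3\n"
TAMPERED_DATA = SAMPLE_DATA[:-1] + b"!"  # same length, one byte changed


def demo() -> Dict[str, bool]:
    """The three cases a port fetch can hit: intact, tampered, unverifiable."""
    entries = parse_distinfo(SAMPLE_DISTINFO)
    return {
        "intact": verify_distfile(SAMPLE_NAME, SAMPLE_DATA, entries)[0],
        "tampered": verify_distfile(SAMPLE_NAME, TAMPERED_DATA, entries)[0],
        "size_only": verify_distfile("sizeonly-2.0.tar.gz", b"abc", entries)[0],
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'OK' if ok else 'REJECTED'}")
```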
From: adrelanos <adr...@ri...> - 2013-05-08 11:18:50
chiccofx:
>>> Openbsd as a whonix gateway would not only decrease the attack
>>> surface, but the VM would required even less RAM than what is used
>>> currently. This would improve the overall user experience and allow
>>> more RAM to be assigned to the whonix workstation by default.
>>>
>>> Let me know what are your thoughts on this. I am planning to replace
>>> my current debian whonix gateway with an OpenBSD 5.3 (launched May 1)
>>> and see how it perform. Happy to share the result.
>>
>> Most interesting. As the FAQ says, I don't regard OpenBSD as very secure
>> myself in context of Whonix's threat model, especially due to the
>> OpenBSBD package manager not passing the TUF threat model, at least not
>> for ordinary users who don't run their own signed OpenBSD repository...
>>
>
> Since you use sourceforge for hosting and since users are already
> advised to not trust whonix,

I hope to change this. I am in contact with an organization which may or may not be interested in creating binary builds. This organization won't be trusted by everyone of course; there is always space for doubt. There is nothing negative in their public record. For objective reasons, they are more to be trusted than some anonymous person (me). I am not that interested in creating binary builds anyway and would like to have such a trusted organization or person helping out. (At some point we decide to make a maybe-release branch, start snapshot builds for testers, stabilize and eventually call it a release. I'll concentrate on code development and documentation and they help out with uploads.)

It's still in the very early discussion phase, not sure if there will be any outcome.

On the other front, I also made some tiny progress with deterministic builds. Not sure if I will be able to script it, but perhaps I can at least get up a proposal and then ask people who offer to volunteer if they have the skill to script it.

> we could create a OpenBSD repository,
> signed initially with my key,

Well, that would be, as far as I understand it, a nice contribution to the OpenBSD and Free Software world and perhaps useful for many other people, not just people interested in Whonix.

> and perhaps, in the future with the whonix
> project key.

Not sure if I get into OpenBSD, but it seems I am getting educated here.

> Will start working on my free time as soon as possible. The OpenBSD
> project officially dropped sendmail in favor of OpenSMTPD. In your FAQ
> you stated that OpenBSD does not support PIE but, in facth, OpenBSD was
> one of the first mainstream OSes to support it. OpenBSD support complete
> ASLR support with PIE binaries since 2008. Also, it can be run in
> securelevel with not only prevents changes to the firewall ruleset as it
> does apply other restrictions, as not letting any kind of disk writing,
> among other things. Also, the tor package/port can be run on a chroot.
> All this will help to decrease the attack surface. I know that there are
> many criticisms to some of the security features of OpenBSD, but I have
> never had one machine compromised, either remotely or locally (using
> securelevel)

I removed those points from the FAQ:
https://sourceforge.net/p/whonix/wiki/FAQ/#why-arent-you-using-openbsd-its-the-most-secure-os-ever1

I should rewrite that FAQ entry anyway. Never know how to do it best. Originally it was written by anonymous a long time ago.

Maybe Whonix gets sponsored with https hosting from that organization as well; in that case, in future there could be something like a download wizard where people choose which flavor they prefer depending on some helpful questions. (Flavor as in Debian based Gateway, OpenBSD based Gateway, Physical Isolation.)
From: chiccofx <chi...@to...> - 2013-05-08 13:48:37
Attachments: signature.asc, 0x188CAACE.asc

adrelanos:
> chiccofx:
>>>> Openbsd as a whonix gateway would not only decrease the attack
>>>> surface, but the VM would required even less RAM than what is used
>>>> currently. This would improve the overall user experience and allow
>>>> more RAM to be assigned to the whonix workstation by default.
>>>>
>>>> Let me know what are your thoughts on this. I am planning to replace
>>>> my current debian whonix gateway with an OpenBSD 5.3 (launched May 1)
>>>> and see how it perform. Happy to share the result.
>>>
>>> Most interesting. As the FAQ says, I don't regard OpenBSD as very secure
>>> myself in context of Whonix's threat model, especially due to the
>>> OpenBSBD package manager not passing the TUF threat model, at least not
>>> for ordinary users who don't run their own signed OpenBSD repository...
>>>
>>
>> Since you use sourceforge for hosting and since users are already
>> advised to not trust whonix,
>
> I hope to change this. I am in contact with an organization which may or
> may not be interested to create binary builds. This organization won't
> be trusted by everyone of course, there is always space for doubt. There
> is nothing negative in their public record. For objective reasons, they
> are more to be trusted than some anonymous person (me). I am not that
> interested in creating binary builds anyway and would like to have such
> a trusted organization or person helping out. (At some point we decide
> to make a maybe-release branch, start snapshot builds for testers,
> stabilize and eventually call it a release. I'll concentrate on code
> development and documentation and they help out with uploads.)
>
> It's still in the very early discussion phase, not sure if there will be
> any outcome.
>
> On the other front, I also made some tiny progress with deterministic
> builds. Not sure if I will be able to script it, but perhaps I can at
> least get up a proposal and then ask people who offer to volunteer if
> they have the skill to script it.
>

Nice to hear it. The truth is that nobody can or should be trusted. But in general, since we are all anonymous, there should be at least a level of benefit of the doubt.

>> we could create a OpenBSD repository,
>> signed initially with my key,
>
> Well, that would be as far I understand it a nice contribution to the
> OpenBSD and Free Software world and perhaps useful for many other
> people, not just people interested in Whonix.
>

Yes, it would. But I believe it would not get to the mainstream since it would be signed by a third party and not the OpenBSD project/developers.

>> and perhaps, in the future with the whonix
>> project key.
>
> Not sure if I get into OpenBSD, but it seems I am getting educated here.
>
>> Will start working on my free time as soon as possible. The OpenBSD
>> project officially dropped sendmail in favor of OpenSMTPD. In your FAQ
>> you stated that OpenBSD does not support PIE but, in facth, OpenBSD was
>> one of the first mainstream OSes to support it. OpenBSD support complete
>> ASLR support with PIE binaries since 2008. Also, it can be run in
>> securelevel with not only prevents changes to the firewall ruleset as it
>> does apply other restrictions, as not letting any kind of disk writing,
>> among other things. Also, the tor package/port can be run on a chroot.
>> All this will help to decrease the attack surface. I know that there are
>> many criticisms to some of the security features of OpenBSD, but I have
>> never had one machine compromised, either remotely or locally (using
>> securelevel)
>
> I removed those points from the faq
> https://sourceforge.net/p/whonix/wiki/FAQ/#why-arent-you-using-openbsd-its-the-most-secure-os-ever1
> I should rewrite that FAQ entry anyway. Never know how to do it best.
> Originally it was written by anonymous long time ago.
>
> Maybe Whonix gets sponsored with https hosting from that organization as
> well, in that case, in future there could be something like a download
> wizard where people choose which flavor they prefer depending on some
> helpful questions. (Flavor as in Debian based Gateway, OpenBSD based
> Gateway, Physical Isolation.)
>

Truth be told, an SSL certificate that signs an entire domain, *.example.com and example.com, does not cost that much, perhaps in the figures of a couple hundred dollars. The problem is to pay for it, and to renew it on a yearly basis.

As to the wizard, it would be awesome. I'll first test an OpenBSD gateway and try to harden/secure it as much as I can, and then proceed to build it from scratch.

--
GPG: 12E9 BCD6 5298 70B5 6C4C 7F1C 8C70 D6ED 188C AACE
From: adrelanos <adr...@ri...> - 2013-05-08 14:19:27
chiccofx:
> Truth be told, a ssl certificate that signs an entire domain
> *.example.com and example.com, does not cost that much, perhaps in the
> figures of a couple hundred of dollars. The problem is to pay for it,
> and to renew it in a yearly base.

Yes, StartSSL certificates are even free (and fine). Hosting isn't very expensive. It's just really expensive and difficult to do anonymously.
From: chiccofx <chi...@to...> - 2013-05-09 13:38:37
Attachments: signature.asc

adrelanos:
> chiccofx:
>> Truth be told, a ssl certificate that signs an entire domain
>> *.example.com and example.com, does not cost that much, perhaps in the
>> figures of a couple hundred of dollars. The problem is to pay for it,
>> and to renew it in a yearly base.
>
> Yes, startssl certicates are even free (and fine). Hosting isn't very
> expensive. It's just really expensive and difficult to do anonymously.
>

It appears that someone read my mind:

http://undeadly.org/cgi?action=article&sid=20130509120042

They are offering digitally signed package updates for the -stable branch of the OpenBSD pkg/ports. Seems that offering OpenBSD as a firewall option to Whonix is not that far off. The trust still relies on a third party, and not on the OpenBSD project. But I believe that this is way more secure than fetching packages in plain text ftp or http from OpenBSD mirrors, without any digital signing, which is the way things happen these days. One more incentive to work on this!

Cheers,

--
GPG: 12E9 BCD6 5298 70B5 6C4C 7F1C 8C70 D6ED 188C AACE
From: adrelanos <adr...@ri...> - 2013-05-09 17:30:36
chiccofx:
> It appears that someone read my mind:
>
> http://undeadly.org/cgi?action=article&sid=20130509120042
>
> They are offering digitally signed package updates for the -stable
> branch of the OpenBSD pkg/ports. Seems that offering OpenBSD as a
> firewall option to whonix, is not that far. The trust still relies on a
> third party, and not on the OpenBSD project. But I believe that this is
> way more secure than fetching packages in plain text ftp or http, from
> OpenBSD mirrors, without any digital signing, which is the way things
> happen these days. One more incentive to work on this!

Good find!
From: adrelanos <adr...@ri...> - 2013-06-07 14:35:15
How do you plan to replace grml-debootstrap, i.e. the step for creating a base VM image?
From: chiccofx <chi...@to...> - 2013-06-08 04:00:41
Attachments: signature.asc

adrelanos:
> How do you plan to replace grml-debootstrap, i.e. the step for creating
> a base VM image?
>

I just recently started looking into Whonix source code. I believe that Whonix would have to be built from inside an OpenBSD machine. This could possibly break the workstation building process, but I believe that it is easier to fix that from inside OpenBSD than building OpenBSD inside Linux. OpenBSD introduces changes to the gcc, assembler, linker, etc. This: http://www.openbsd.org/faq/faq5.html illustrates the building process.

Anyway, as limiting as it is to only be able to build an OpenBSD Whonix gateway from inside an OpenBSD machine, it is not that hard to install it on a virtual machine, since VirtualBox HAS to be set up in advance of Whonix installation. Of course this would only apply to the ones wanting to build from source, and these could (or not?) be considered computer literate enough to set up an OpenBSD virtual machine (that is, if they are not already using one as host). Also, the script can detect and only build an OpenBSD gateway if being run from inside it (or asked to, or both); if not, build the Debian based gateway. This is the price to pay for extra security, an even smaller attack surface on the gateway and less RAM needed for it, freeing RAM for the workstation (to me this is the nicest part, for performance reasons).

Cheers,

--
GPG: 12E9 BCD6 5298 70B5 6C4C 7F1C 8C70 D6ED 188C AACE
From: adrelanos <adr...@ri...> - 2013-06-08 14:12:22
chiccofx:
> adrelanos:
>> How do you plan to replace grml-debootstrap, i.e. the step for creating
>> a base VM image?
>
> I just recently started looking into whonix source code. I believe that
> whonix would have to be built from inside an OpenBSD machine. This could
> possibly break the workstation building process, but I believe that it
> is easier to fix that from inside OpenBSD, than building OpenBSD inside
> linux. OpenBSD introduces changes to the gcc, assembler, linker, etc.
> This: http://www.openbsd.org/faq/faq5.html, illustrates the building
> process.

It's not a problem; to build Whonix you also need to build on Debian Wheezy (or maybe above), on hardware or inside a VM. You can't build Whonix on Ubuntu, unless you want to change a few things and get an Ubuntu-based Whonix, and you can not build on top of Windows, and I doubt you can build it on top of Mac, BSD, etc.

> Of course this would only apply to the ones wanting to build from
> source, and these could (or not?) be considered computer literate enough
> to setup a OpenBSD virtual machine (that if they are not already using
> one as host).

Seems only natural to me that you have to build the Debian based VMs on Debian and BSD based VMs on BSD.

If you want to support building a Whonix-BSD-Gateway on Debian, maybe chroots could work?

> Also, the script can detect and only build an OpenBSD gateway if being
> run from inside it (or asked to, or both), if not build the debian based
> gateway. This is the price to pay for extra security, even smaller
> attack surface on the gateway and less RAM needed for it, freeing RAM to
> the workstation (to me this is the most nice, for performance reasons).

Yes, we can autodetect it and/or use command line options.
From: chiccofx <chi...@to...> - 2013-06-10 20:47:45
Attachments: signature.asc

adrelanos:
> chiccofx:
>> adrelanos:
>>> How do you plan to replace grml-debootstrap, i.e. the step for creating
>>> a base VM image?
>>
>> I just recently started looking into whonix source code. I believe that
>> whonix would have to be built from inside an OpenBSD machine. This could
>> possibly break the workstation building process, but I believe that it
>> is easier to fix that from inside OpenBSD, than building OpenBSD inside
>> linux. OpenBSD introduces changes to the gcc, assembler, linker, etc.
>> This: http://www.openbsd.org/faq/faq5.html, illustrates the building
>> process.
>
> Its not a problem, to build Whonix you also need to build on Debian
> Wheezy (or maybe above) on hardware or inside a VM. You can't build
> Whonix on Ubuntu, unless you want to change a few things and get an
> Ubuntu-based Whonix and you can not build on top of Windows and I doubt
> you can build it on top of Mac, BSD, etc.

Nice.

>
>> Of course this would only apply to the ones wanting to build from
>> source, and these could (or not?) be considered computer literate enough
>> to setup a OpenBSD virtual machine (that if they are not already using
>> one as host).
>
> Seems only natural to be, that you have to build the Debian based VMs on
> Debian and BSD based VMs on BSD.
>
> If you want support building a Whonix-BSD-Gateway on Debian, maybe
> chroots could work?

In this case I believe it would be simpler to adapt things to build on BSD than building the BSD on Debian, because there is no debootstrap equivalent on OpenBSD. Anyway, crossbuilding and crosscompiling is always a bad idea, so building the Whonix workstation should be done on Debian, and building the Whonix OpenBSD gateway should be done on OpenBSD.

>
>> Also, the script can detect and only build an OpenBSD gateway if being
>> run from inside it (or asked to, or both), if not build the debian based
>> gateway. This is the price to pay for extra security, even smaller
>> attack surface on the gateway and less RAM needed for it, freeing RAM to
>> the workstation (to me this is the most nice, for performance reasons).
>
> Yes, we can autodetect it and/or use command line options.

As soon as I have a setup that I consider stable (pf firewall rules + tor), I will start working on the building process and virtual machine image generation.

--
GPG: 12E9 BCD6 5298 70B5 6C4C 7F1C 8C70 D6ED 188C AACE