[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [CONTRIBUTE] [DONATE]

Debian security advises not implemented in whonix (discussion/clarification)

https://www.debian.org/doc/manuals/securing-debian-manual/ch03s06.en.html#id-1.4.7.9

In this article there are 2 advises i can see:

  • Dont install any unnecessary software including compilers by default.
  • Remove Perl and anything related to it (why not mentioned)

https://www.debian.org/doc/manuals/securing-debian-manual/ch03s02.en.html

  • Dont install everything into one partition better to choose an intelligent partition scheme

Duplicate of:

(just now added more information there)

As already documented:

You must take into account that removing perl might not be too easy (as a matter of fact it can be quite difficult) in a Debian system since it is used by many system utilities. Also, the perl-base is Priority: required (that about says it all). It’s still doable, but you will not be able to run any perl application in the system; you will also have to fool the package management system to think that the perl-base is installed even if it’s not.

This seems mostly theoretic and not practical.

These include the following utilities in packages with priority required or important:

Some of these are these are not important:

  • of package exim.

Some of these are really essential:

  • /usr/sbin/dpkg-divert of package dpkg.

  • /usr/sbin/dpkg-statoverride of package dpkg.

  • /usr/sbin/adduser of package adduser.

  • /usr/sbin/dpkg-reconfigure of package debconf.

These would have to be re-implemented in another language. In which language? In C? That would probably just lead to more bugs. Lots of effort and tiny gain.

Not realistic at all. I don’t bet but if there was a bet for the things which probably won’t be done in the next 10 years by anyone on the internet then this would be high on my list.

Probably same as:

1 Like

Good to have in theory… But…

One might be able to set this up using:

https://www.kicksecure.com/wiki/Distribution_Morphing

1 Like

I don’t know how much more robust partition level ACLs are compared to the permissions schemes enforced by the file system and Apparmor. Perhaps someone can explain @TNT_BOM_BOM @Patrick

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]