We’ve identified a less likely case where user-sysmaint-split can be useful on Whonix-Gateway.
In theory, a process running on Whonix-Gateway, such as Tor or onion-grater, might get compromised. Once malware is running under the debian-tor or onion-grater account, we don’t want it to have access to sudo’s or pkexec’s SUID attack surface.
Hence, it’s best if Whonix-Gateway runs in user session.
- Non-Qubes-Whonix: Ideally, when updating Whonix-Gateway, it’s best to shutdown any Whonix-Workstation (or Whonix-Custom-Workstation) first.
- Qubes-Whonix: sys-whonix can keep running in user session while the Whonix-Gateway Template is run in sysmaint mode and updated.
This will be introduced in Whonix 18.
Do not try to install user-sysmaint-split in Whonix 17, and do not report bugs from doing so, as it will break things such as Anon Connection Wizard.
user-sysmaint-split will be supported on Whonix-Gateway starting from Whonix 18.