Testers Wanted!
Download the Testers-Only version of Whonix for VirtualBox:
Alternatively, in-place release upgrade is possible upgrade using Whonix testers repository.
This release would not have been possible without the numerous supporters of Whonix!
Please Donate!
Please Contribute!
Notable Changes
- VirtualBox:
- Had to increase Whonix-Gateway default RAM to 1280 MB. Otherwise VirtualBox guest additions kernel modules would fail to compile.
- i2p
- preparation for installation of i2p by default
- do not autostart i2p.service if installed
- do not autostart privoxy.service if installed
- do not autostart i2p.service in Qubes TemplateVM
- do not autostart privoxy.service in Qubes TemplateVM
- i2p is not yet installed by default because of this reason.
- preparation for installation of i2p by default
- apparmor-profile-everything (not installed by default yet) enhancements
- hardened-kernel (not installed by default yet) enhancements
- first-boot-skel: fix /etc/skel/.bashrc to /home/user/.bashrc handling if home folder is completely empty
- LKRG (not installed by default yet) enhancements
- fix compilation using DKMS on kernel upgrade by adding support for make variable KERNELRELEASE (DKMS sets it)
- Auto load LKRG after installation. Since LKRG now supports module parameters and VirtualBox host support, it can be automatically started after installation since it would no longer kill VirtualBox VMs running on a host.
- security-misc:
- Restricts the SysRq key so it can only be used for shutdowns and the Secure Attention Key.
- remove-system-map: use shred instead of rm
- Disable the busmaster bit on all PCI bridges during very early boot to avoid holes in IOMMU.
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX efi=disable_early_pci_dma"- Captcha Check
- efi: Allow disabling PCI busmastering on bridges during boot - kernel/git/torvalds/linux.git - Linux kernel source tree
- Only allow symlinks to be followed when outside of a world-writable sticky directory, or when the owner of the symlink and follower match, or when the directory owner matches the symlink’s owner. Prevent hardlinks from being created by users that do not have read/write access to the source file. These prevent many TOCTOU races.
fs.protected_symlinks=1fs.protected_hardlinks=1
- Restrict loading TTY line disciplines to CAP_SYS_MODULE to prevent unprivileged attackers from loading vulnerable line disciplines with the TIOCSETD ioctl which has been used in exploits before such as CVE-2017-2636: Exploit the race condition in the n_hdlc Linux kernel driver | Alexander Popov
- LKML: Greg Kroah-Hartman: [PATCH 4.14 15/69] tty: ldisc: add sysctl to prevent autoloading of ldiscs
dev.tty.ldisc_autoload=0
- Tor Browser: update to
9.0.5
- tirdad
- fix compilation using DKMS on kernel upgrade by adding support for make variable KERNELRELEASE (DKMS sets it)
- usability-misc
- add dpkg-noninteractive wrapper script
- Speeding up "apt update" with Acquire::Languages=none and Contents-deb::DefaultEnabled=false - It's so much faster! - #2 by HulaHoop
Acquire::Languages none;Acquire::IndexTargets::deb::Contents-deb::DefaultEnabled false;
It also includes the changes of the previous testers only version 8 days ago.
Full difference of all changes
https://github.com/Whonix/Whonix/compare/15.0.0.8.7-developers-only...15.0.0.8.9-developers-only
About Whonix
Whonix is being used by Edward Snowden, journalists such as Micah Lee, used by the Freedom of the Press Foundation and Qubes OS. It has a 7 years history of keeping its users safe from real world attacks. [1]
The split architecture of Whonix relies on leveraging virtualization technology as a sandbox for vulnerable user applications on endpoints. This is a widely known weakness exploited by entities that want to circumvent cryptography and system integrity. Our Linux distribution come with a wide selection of data protection tools and hardened applications for document/image publishing and communications. We are the first to deploy tirdad, which addresses the long known problem of CPU activity affecting TCP traffic properties in visible ways on the network and vanguards, an enhancement for Tor produced by the developers of Tor, which protects against guard discovery and related traffic analysis attacks. Live Mode was recently added. We deliver the first ever solutions for user behavior masking privacy protections such as Kloak. Kloak prevents websites from recognizing who the typist is by altering keystroke timing signatures that are unique to everyone.
In the future we plant to deploy a hardened Linux kernel with the minimal amount of modules needed to get the job done, an apparmor profile for the whole system, as well as LKRG, the Linux Kernel Runtime Guard, which kills whole classes of kernel exploits.
[1]
- https://twitter.com/Snowden/status/1165607338973130752 [archive]
- https://twitter.com/snowden/status/781495273726025728 [archive]
- https://twitter.com/Snowden/status/1175435436501667840 [archive]
- Micah Lee, Journalist and Security Engineer at The Intercept and Advocate for Freedom of the Press, Developer of OnionShare and Tor Browser Launcher. [archive]
- SecureDrop Journalist Workstation environment for submission handling is based on Qubes-Whonix [archive]
- History
- Whonix - Wikipedia [archive]
- https://www.qubes-os.org [archive]
- Whonix Protection against Real World Attacks
