Whonix without systemD

phabricator-migrator · February 19, 2024, 4:30pm

Information

ID: 998
PHID: PHID-TASK-spmw3fd424lxblyvwtnd
Author: sanyo
Status at Migration Time: wontfix
Priority at Migration Time: Wishlist

Description

Hello,

Please let me know, may be a manual exists about how to switch Whonix to [[ An easy method to get Whonix based on Devuan instead of Debian? / Devuan Derivatives / Dev1 Galaxy Forum | Devuan base ]] and still keep all or most security enhancements of the Whonix project and [[ Arguments against systemd / Off-topic / Dev1 Galaxy Forum | eliminate systemD ]] from it at the same time?

It has so many security features I am missing including hardened kernel, but unfortunately it uses systemD which is a very serious unacceptable flaw.

May be just installing a few packages mentioned on:
https://web.archive.org/web/20200705173024/https://www.whonix.org/wiki/Whonix_Packages_for_Debian_Hosts
can do the thing? Though I am not sure about the hardened kernel from Whonix, is there an easy method to borrow its kernel with all its hacks and tunes to Devuan?

Comments

Patrick

2020-07-06 10:01:19 UTC

sanyo

2020-07-06 18:26:38 UTC

sanyo

2020-07-06 18:44:33 UTC

May I know, what do you think about Whonix vs OpenBSD in terms of security for a headless server without any GUI?

And why there are no any public leaks of more recent releases from grsecurity? Would not it be legal provided the kernel is GPLed?

Could not someone create a website like:
https://wpcrack.in/join-the-club-now/

It is the same idea, since Wordpress is GPLed, most its addons are GPLed too and it is legal to redistribute them for a cheaper price.

Since grsecurity is less popular than Wordpress they could set a price tag like $100-200 USD per year just to support expenses to find a new nominal LLC to purchase further updates to always a new company each time after earlier used company is banned by grsecurity, say once per 1-3 years. They could make a lag of releasing updates like a year behind of the grsec mainline, so the ban would occur only after subscription is already exhausted. It would be like a group buy campaigns.

Patrick

2020-07-07 09:53:55 UTC

sanyo

2020-07-07 18:06:57 UTC

sanyo

2020-07-07 20:23:46 UTC

sanyo

2020-08-23 12:58:04 UTC

It is important to understand, that systemD is actually much more than simply an init system:

systemD is only named “init system” just for marketing purposes to hide true (in)security hell promoted by it, IMHO actually systemD is much more like a second kernel running in parallel with general kernel and providing many new unified API for easy phoning home, remote control of many desktop program’s data, etc.

More details are described here

Many spare/odd (if they would be without systemd) software processes are running, not desired ports listening, main kernel options silently changed without permission, may be something else unpredictable, it is like a living on a volcano.

If systemD would be just another init system, it would not take years from Devuan to throw it out of the distribution and replace with another true init system like OpenRC or any other like it.

Bound to happen ... / News & Announcements / Dev1 Galaxy Forum