Status: Open. tasket opened this issue 5 years ago.
whonix-setup-wizard skip status files were moved from /var/cache/whonix-setup-wizard/status-files to /usr/share/whonix-setup-wizard/status-files in git master (later coming in Whonix 15 package upgrades) to rely less, or not at all, on bind-dirs / rw for this purpose.
To ease analysis of this, all the bind-dirs that Whonix is using were reviewed and documented just now.
https://github.com/Whonix/qubes-whonix/blob/master/usr/lib/qubes-bind-dirs.d/40_qubes-whonix.conf
Ideally, the number of bind-dirs Whonix is using could be reduced to 0 or as few as possible, and not only for Qubes-VM-hardening: keeping things simple is generally good.
Some things could be moved from /var/lib or /var/cache to somewhere in /home (but not /home/user). On the other hand, an unclean /home folder with a lot of junk (like /home/whonix for status files) also seems bad.
Currently `vm-boot-protect` is the most compatible mode for Whonix VMs (but see issue #31). It might be desirable to explore using the more extensive `vm-boot-protect-root` mode for whonix-ws VMs by mapping which Tor and Whonix files in /rw should be whitelisted. Going beyond whitelists to use deployment files and hashes might also be useful. The goal would be to provide some after-restart mitigation to whonix-ws AppVMs that have experienced some kind of attack involving a successful privilege escalation. Hopefully, this attack resistance would be in addition to whatever persistence (bookmarks, saved documents, etc.) that the user gains vs using a DispVM.
cc @adrelanos
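The whitelist-plus-hashes idea in the post above, shown as an added example that is not code from vm-boot-protect, Qubes or Whonix: a POSIX sh script that records a deployment manifest for a private volume and later checks the volume against it, reporting files that were modified, removed, or added outside the whitelist. The manifest format (plain `sha256sum` output with paths relative to the volume root), the function names, and the temporary directory standing in for /rw are all assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not code from vm-boot-protect or Whonix): check a private
# volume against a deployment manifest of sha256 hashes. The tree passed as
# $1 stands in for /rw; the manifest format is an assumption and is simply
# `sha256sum` output with paths relative to the tree root.
set -u

# Record the known-good state: one "<sha256>  <relative path>" line per file.
build_manifest() {
    (cd "$1" && find . -type f | sed 's#^\./##' | sort |
        while read -r f; do sha256sum "$f"; done)
}

# Verify the tree $1 against the manifest $2.
# Exit status 0 when every listed file is present with a matching hash and no
# unlisted regular file exists; 1 otherwise, printing one finding per line.
verify_rw_tree() {
    rw_root=$1; manifest=$2; rc=0
    # 1. Every whitelisted file must still exist and hash-match.
    while read -r sum rel; do
        [ -n "$sum" ] || continue
        f="$rw_root/$rel"
        if [ ! -f "$f" ]; then
            echo "MISSING  $rel"; rc=1; continue
        fi
        actual=$(sha256sum "$f" | cut -d' ' -f1)
        [ "$actual" = "$sum" ] || { echo "MODIFIED $rel"; rc=1; }
    done < "$manifest"
    # 2. Any regular file not in the manifest is outside the whitelist
    #    (for instance a hook dropped into rc.local.d by a root-level attacker).
    tmp=$(mktemp -d)
    (cd "$rw_root" && find . -type f | sed 's#^\./##' | sort) > "$tmp/present"
    awk 'NF { print $2 }' "$manifest" | sort > "$tmp/listed"
    unlisted=$(comm -23 "$tmp/present" "$tmp/listed")
    rm -rf "$tmp"
    if [ -n "$unlisted" ]; then
        echo "$unlisted" | sed 's/^/UNLISTED /'; rc=1
    fi
    return $rc
}

# Constructed demonstration: a fake /rw with a startup hook and a user file.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/rw/config/rc.local.d" "$root/rw/home/user"
    printf '#!/bin/sh\n' > "$root/rw/config/rc.local"
    printf 'bookmarks\n' > "$root/rw/home/user/notes.txt"
    build_manifest "$root/rw" > "$root/manifest"
    echo "clean tree:"
    verify_rw_tree "$root/rw" "$root/manifest" && echo "ok"
    # Simulate post-compromise tampering: edit the hook and drop a new one.
    printf 'echo persisted\n' >> "$root/rw/config/rc.local"
    printf 'echo more\n' > "$root/rw/config/rc.local.d/50-persist.sh"
    echo "tampered tree:"
    verify_rw_tree "$root/rw" "$root/manifest" || echo "FAILED"
    rm -rf "$root"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with `sh check-rw.sh demo` to see the clean and tampered results. The check only means something when the manifest and the script itself live somewhere the attacker could not write, such as the root volume under a `vm-boot-protect-root` style scheme, and when it runs before anything in /rw is executed at boot; a manifest stored in /rw would simply be rewritten along with the files it describes.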