Whonix Testers Release
About this Whonix Testers Release Page
As Whonix ™ 15 was recently released on 1 July 2019 and work is ongoing, a testers release of Whonix ™ 16 is not yet available -- check back here at a later date.
Interested readers can refer to the Whonix ™ 16 roadmap to see where Whonix is heading. Major items include:
- A Whonix host operating system (tickets);
- Live mode (tickets); and
- A policy for inclusion of compiled software; for example, this might allow the Electrum bitcoin thin client to be installed by default.
Whonix 15: VirtualBox Testers Release
On 9 August 2019, a testers-only version of Whonix ™ for VirtualBox was released. Willing testers can either:
- Download the testers-only VirtualBox version; or
- Perform an in-place release upgrade via the Whonix ™ testers repository.
Over time, these changes will gradually filter through to the Whonix ™ 15 stable-proposed-updates and stable APT repositories.
- Implemented apparmor-profile-torbrowser improvements, see: Why does the Tor Browser AppArmor profile have sys_admin, sys_chroot and ptrace capabilities?
- Fixed anon-connection-wizard truncated text.
- Tor Browser Updater (by Whonix developers): reduced old versions being kept to
- Added anon-base-files to whonix-host-xfce-kvm-freedom.
- Added hardened-malloc to hardened-packages-dependencies-cli.
- Removed unneeded dependency live-config-systemd.
- Do not create a home folder during postinst.
- Leave user "user" creation to Qubes.
- Fixed and actually use
- Documented how to use recovery mode.
Improved Functionality and Usability
- Disabled whonixcheck “Connecting to Tor…” and “Connected to Tor.” messages. 
- Added support for OnionShare “bundled Tor”.
- Packaged str_replace for literal search and replace functions.
- Display the pulseaudio plugin by default.
- Added arc-theme, gnome-themes-extra, gnome-themes-extra-data and gtk2-engines-murrine for better visual presentation.
- Set SUDO_EDITOR="mousepad" if: mousepad is installed and the environment variable SUDO_EDITOR has not already been set.
- Enabled kernel panic on kernel oops after boot, see: set oops=panic kernel parameter or kernel.panic_on_oops=1 sysctl for better security.
- Changed the default umask to
- Enabled pam_umask.so usergroups, so group permissions are the same as user permissions. 
- Removed read, write and execute access for others for all users who have home folders under folder /home.  
- Group sudo membership is required to use
- Passwordless, recovery / emergency mode has been implemented.
- Lock user accounts with pam_tally2 after five failed authentication attempts are detected. 
- The thunderbolt and firewire modules were blacklisted, since they can be used for Direct Memory Access (DMA) attacks.
- Uncommon network protocols were blacklisted: these are rarely used and may have unknown vulnerabilities. 
- Enabled IOMMU.
- The SysRq key is restricted to only allow shutdowns/reboots.
- A systemd service mounts /proc with hidepid=2 at boot, thereby preventing users from seeing each other’s processes.
- A systemd service clears System.map on boot as these contain kernel symbols that could be useful to an attacker. 
- The kernel logs are restricted to root only.
- The BPF JIT compiler is restricted to the root user and is hardened.
- The ptrace system call is restricted to the root user only.
- Added user root to group sudo. This is necessary so it is still possible to login as a user in a virtual console.
- Kernel symbols in /proc/kallsyms are hidden. This prevents malware from reading and using them to learn more about system vulnerabilities that can be attacked.
- Kexec is disabled because it can be used for live patching of the running kernel.
- For a full list of changes, see: https://github.com/Whonix/security-misc
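Several items in the list above are backed by sysctl settings (panic on oops, root-only kernel logs, BPF restrictions, ptrace restriction, hidden kernel symbols, disabled kexec) and can be checked on a running system. The shell script below is an added example, not code from Whonix or security-misc; the sysctl keys are standard Linux ones, while the expected values and the sample dump are assumptions constructed to match the wording of the list.

```sh
#!/bin/sh
# Added example (not from security-misc): audit sysctl-backed hardening items.
# Expected values are assumptions matched to the changelog wording.
# On a live system: sysctl -a 2>/dev/null > dump.txt; audit_sysctl dump.txt

# Format: sysctl key|test operator|value|changelog item it corresponds to
EXPECTED='kernel.panic_on_oops|eq|1|panic on kernel oops
kernel.dmesg_restrict|eq|1|kernel logs root-only
kernel.unprivileged_bpf_disabled|eq|1|BPF root-only
net.core.bpf_jit_harden|eq|2|BPF JIT hardened
kernel.yama.ptrace_scope|ge|2|ptrace root-only
kernel.kptr_restrict|ge|1|kernel symbol addresses hidden
kernel.kexec_load_disabled|eq|1|kexec disabled'

# audit_sysctl FILE: FILE holds "key = value" lines as printed by `sysctl -a`.
# Prints one line per check: "PASS|FAIL|MISSING key actual # item".
audit_sysctl() {
    dump=$1
    printf '%s\n' "$EXPECTED" | while IFS='|' read -r key op want item; do
        have=$(awk -F' *= *' -v k="$key" '$1 == k { print $2; exit }' "$dump")
        if [ -z "$have" ]; then
            status=MISSING          # key absent from the dump
        elif [ "$have" "-$op" "$want" ] 2>/dev/null; then
            status=PASS
        else
            status=FAIL             # wrong or non-numeric value
        fi
        printf '%s %s %s # %s\n' "$status" "$key" "${have:--}" "$item"
    done
}

# count_status FILE STATUS: number of checks that ended with STATUS.
count_status() {
    audit_sysctl "$1" | grep -c "^$2 " || true
}

# Constructed sample dump: two weak values and one missing key.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
kernel.panic_on_oops = 1
kernel.dmesg_restrict = 1
kernel.unprivileged_bpf_disabled = 0
net.core.bpf_jit_harden = 2
kernel.yama.ptrace_scope = 1
kernel.kptr_restrict = 2
EOF
audit_sysctl "$SAMPLE"
```

A MISSING result usually means the kernel was built without the feature or the key needs root to read, so it should be reviewed rather than treated as a pass.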
Much stronger Linux user account isolation has been enforced in non-Qubes-Whonix: 
- Locked and expired the root account in new Whonix builds. Existing users who upgraded are advised to lock their root account. 
- Disabled root login in virtual consoles by default. 
- Added a Tor Browser first startup popup to ask whether the security slider should be set to safest.
- Anonymized /etc/machine-id.
- anon-gpg-tweaks: disabled keyservers for improved security. 
- Enabled APT seccomp sandboxing.
- Enforced msgcollector security hardening.
- Implemented systemd unit file hardening of services maintained by Whonix.
- Tor Browser Starter (tb-starter Whonix package) hardening: implemented optional --hardening / tb_hardening="true", which utilizes Firejail and/or Hardened Malloc, see: Tor Browser Hardening documentation.
- Installed Hardened Malloc by default to ease usage (although it is not enabled by default to avoid breakage).
- See: https://electrum.org/
- In favor of sdwdate-gui. whonixcheck connectivity check code checks Tor as well as sdwdate. Due to slow Tor/onion speed it often times out. Improving that code is difficult, so sdwdate-gui is used instead as a solution that provides better visual feedback to users.
- By default, Debian utilizes User Private Groups (UPG). Also see: /usr/share/pam-configs/usergroups-security-misc
- For example, this affects those running “chmod o-rwx /home/user” during package installation or an upgrade.
- This is only performed once for each folder in the parent /home folder, so users who wish to relax file permissions can do so. This action protects files in the user's home folder which were previously created with lax file permissions prior to the installation of this package.
- See: unlock instructions. This means it is possible to have short, easy-to-remember, "weak" passwords for the user "user" account, while still preventing compromised non-root users from bruteforcing it.
- See: /etc/modprobe.d/uncommon-network-protocols.conf
- Forum discussion.
- See: debian/security-misc.postinst
- This does not yet apply to Qubes-Whonix.
- Qubes issue.
- This is a purposeful security feature and there are no user freedom restrictions; read more here.
- See: gpg --recv-keys fails / no longer use keyservers for anything.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself.