Patrick Schleizer
Patrick Schleizer
Wondering if I may request prioritization of this issue, signed commit or tag creation please? (recent release only more than good enough) That would really help with keeping the Debian...
`msr_validate=0` / `lkrg.msr_validate = 0` is already the default. Therefore no more special code for KVM required. For the VirtualBox host software the only settings required are * `lkrg.pcfi_validate=1` *...
Well, since I opened this issue I am biased to wish this to be implemented. :) How come? https://github.com/adrelanos/security-misc/commit/7e128636b3a4ea7fe5dfa12018685ab7b5dda706 is a hack. It works for Kicksecure / Whonix users which...
Seems like an insufficient rationale. For unload/reload of the kernel module it would be possible to implement this as `sudo systemctl reload lkrg`. `ExecReload=` Related: the usefulness of the lkrg...
These folders * /tmp * /var/tmp * /dev/shm are user writable. Similar to * https://github.com/QubesOS/qubes-issues/issues/5263 * https://github.com/tasket/Qubes-VM-hardening/issues/41 [Quote](https://github.com/QubesOS/qubes-issues/issues/2695#issuecomment-301316132) Joanna (founder of Qubes OS): > I've been recently talking about this...
Reported against Qubes too: https://github.com/QubesOS/qubes-issues/issues/5329
tasket: > I've thought about this in the past, but wasn't aware of grub-live so I assumed it would only involve making /home files immutable. Actually all files including root....
What's the rationale of making user files immutable? chattr -R -f +i $chfiles $chfiles_add $chdirs $chdirs_add After reboot, malicious modification would be undone anyhow. Malware being active in the current...
> (BTW "so or so" isn't an expression I'm aware of; I don't know the meaning of those statements. "so and so" usually means 'some other unimportant person'.) I see....
Rewrite for plain Debian (non-Qubes) is in process. Early version below. Not ready for testing yet. Operating system integration not done yet. https://github.com/Whonix/security-misc/blob/master/usr/lib/security-misc/virusforget Could you have a look please to...