It would be great to have this integrated into Qubes OS directly instead of a third-party script. People with threat models higher than average might be worse off if they do not manage to find this thread (or don’t know that this could help them). I for one need protection against forensics and this is integral to it, and I hope it is merged into Qubes OS as soon as the devs can.
3 Likes
Maybe just the simplicity of having @unman 's GUI install it, but I don’t see how that could be solved since this is a standalone script and not salted. Suppose if anything @ben-grande might consider working a varient up for Qusal.
1 Like
Agree, the new laptop generation with DDR5 and up to 96GB RAM shows that RAM should not be any issue for Qubes OS anymore (in the upcoming years).
Maybe it is worth to summarize some cons and pros of really disposable qubes vs. default disposable qubes ?
| Attribute | Disposable RAM qube | Default disposable qube | Comment |
|---|---|---|---|
| … | … | … | … |
| … | … | … | … |
It would be nice if devs put in some thoughts and also comment on a possible implementation effort.
3 Likes
I for one need protection against forensics and this is integral to it, and I hope it is merged into Qubes OS as soon as the devs can.
This tool was never aimed to be anti-forensic and it can’t be relied on as such. Details were explained previously in the thread.
2 Likes
It should, in theory. I haven’t managed to comment that proves it otherwise (sorry, would be great if you could point towards it), but having a VM which is completely ephemeral, and run on encrypted, plausibly deniable storage for assets it needs access to, will make them a part of good security posture for individuals who need them.
It’s essentially akin to the live-images of most desktop distros and how they don’t leave any trace after shutting them down.
2 Likes
It should, in theory.
Well, it actually does in practice but that is a partial side effect, not essential functionality, i.e. a non-goal. Partial = it removes the domU itself but traces of its existence remain in dom0’s logs due to how the whole system works. Additionally, the safety of domU’s erasure depends on how the RAM-based disposable is shut down. If you initiate a system reboot/shutdown while the qube is running, the cleanup part won’t work (hence one of the additional scripts).
1 Like
Anti-forensics on Qubes is not easy. Especially with our suboptimal logging system.
2 Likes
Thank you for that, it is very relevant to know that.
1 Like
@qubist i just see that some qubes that i’ve deleting are still in ~/.local/share/qubes-appmenus/ .
Do you have the same problem like me?
It’s ok for rdispxxxx but not for the others…
edit: in the vm’s folder, i still have “apps” “apps.icons” “apps.tempicons” and “apps.templates” folders.
edit 2: forget it, i try to create other vm, them remove it and all is allright 
i think it’s when i restore Dom0 without use your script 
1 Like
No. I don’t see any rdisp* or named RAM-based disposable names in there.
Have you tried deleting the manually and checking if they would reappear?
1 Like
Nice script. I took interest in the example:
EXAMPLE:
Launch Tor browser in a RAM based whonix disposable:
${0##*/} -p template=whonix-ws-16-dvm -p netvm=sys-whonix -c torbrowser
Tor protocol encapsulation is handled inside the sys-whonix gateway, not the workstation. Meaning that sys-whonix could potentially leak cleartext request/response data (page content, passwords, etc. if the connection isn’t using TLS, SNI leakage for TLS) from the disposable to disk through swap or coredumps. I’m not sure if Whonix gateway retains other data like logs, cache files, etc.
The Whonix wiki explicitly discourages using a disposable gateway, so I hesitate mitigating the leak that way. Is disabling swap and coredumps in sys-whonix enough?
qvm-run -p sys-whonix "sudo swapoff --all; sudo sysctl -w fs.suid_dumpable=0; sudo sysctl -w kernel.core_pattern='|/bin/false'"
1 Like
Is disabling swap and coredumps in sys-whonix enough?
There is no such disabling.
The script disables swap in dom0 to prevent disk writes. It touches nothing inside any other qube. It will not put your netvm in RAM, only the AppVM you are creating resides there.
1 Like
Like as i say in my edit 2 : i try it and they disappear all is ok
1 Like
Like as i say in my edit 2 […]
Sorry, I don’t receive edits. I use the forum by email.
2 Likes