Stop leaking dom0 timezone to Qubes-Whonix #8381

Open
adrelanos opened this issue Jul 31, 2023 · 6 comments · May be fixed by QubesOS/qubes-core-admin#632
Labels
  • C: Whonix (This issue impacts Qubes-Whonix)
  • P: default (Priority: default. Default priority for new issues, to be replaced given sufficient information.)
  • privacy (This issue pertains to data or information privacy through technological means.)
  • T: enhancement (Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.)

Comments

@adrelanos
Member

Qubes OS release

R4.2

Brief summary

Qubes VMs leak timezone.

Reported by @chessjazz.

Steps to reproduce

qubesdb-read /qubes-timezone

Expected behavior

No command available to leak dom0 timezone.

Actual behavior

Dom0 timezone can be leaked in VM if malware is running inside the VM.

Additional information

For issue tracking.

  • issue caused by Qubes-Whonix: no
  • affects Qubes-Whonix: yes, because Whonix sets timezone to UTC as it should be hidden. (It doesn't leak to remote websites but malware with local code execution could read dom0 timezone.)
  • only relevant for Whonix: Dunno if there are also other users who would prefer not to leak this information to VMs.

Suggested solution

If qvm-features or similar mechanism has whonix-ws 1, whonix-gw 1, notimezone 1, then don't write /qubes-timezone to qubesdb.
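
A check that can be run inside a qube to see whether the key from the steps to reproduce is readable there, added as an example and not part of the original issue or of Qubes OS code. The `QUBESDB_READ` override, the function names, the `--check` argument and the treatment of `UTC`/`Etc/UTC` as non-revealing values are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Qubes OS code): report whether this qube can read a
# host timezone from QubesDB, the exposure described in the issue above.

# Assumption of this example: QUBESDB_READ lets the reader command be
# replaced by a stub for testing; in a qube it is the real qubesdb-read.
QUBESDB_READ="${QUBESDB_READ:-qubesdb-read}"

# Assumption: only these values reveal nothing about the host's location.
is_neutral_tz() {
    case "$1" in
        UTC|Etc/UTC) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints a verdict line. Returns 0 = nothing exposed, 1 = timezone exposed,
# 2 = reader command unavailable (for example, not running in a qube).
check_timezone_exposure() {
    if ! command -v "$QUBESDB_READ" >/dev/null 2>&1; then
        echo "UNKNOWN: $QUBESDB_READ not found"
        return 2
    fi
    # Assumption: the reader exits non-zero when the key does not exist.
    if ! tz=$("$QUBESDB_READ" /qubes-timezone 2>/dev/null) || [ -z "$tz" ]; then
        echo "OK: /qubes-timezone is not readable from this qube"
        return 0
    fi
    if is_neutral_tz "$tz"; then
        echo "OK: /qubes-timezone holds the neutral value $tz"
        return 0
    fi
    echo "EXPOSED: /qubes-timezone reveals $tz"
    return 1
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_timezone_exposure
    exit $?
fi
```

Run it with `--check` inside the qube; the exit status makes it usable from a provisioning or test script.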

@adrelanos added the labels P: default (Priority: default. Default priority for new issues, to be replaced given sufficient information.) and T: bug (Type: bug report. A problem or defect resulting in unintended behavior in something that exists.) Jul 31, 2023
@andrewdavidwong added the labels T: enhancement (Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.), privacy (This issue pertains to data or information privacy through technological means.) and C: Whonix (This issue impacts Qubes-Whonix), and removed the label T: bug (Type: bug report. A problem or defect resulting in unintended behavior in something that exists.) Aug 1, 2023
@andrewdavidwong added this to the Release TBD milestone Aug 1, 2023
@andrewdavidwong changed the title from "stop leaking dom0 timezone to VMs" to "Stop leaking dom0 timezone to Whonix qubes" Aug 1, 2023
@andrewdavidwong removed this from the Release TBD milestone Aug 13, 2023
@adrelanos changed the title from "Stop leaking dom0 timezone to Whonix qubes" to "Stop leaking dom0 timezone to Qubes-Whonix" Feb 12, 2024
strategictraveler added a commit to strategictraveler/qubes-core-admin that referenced this issue Nov 2, 2024
Set fake timezone for VMs with "anon-timezone" tag.
Fixes QubesOS/qubes-issues#8381
strategictraveler added a commit to strategictraveler/qubes-core-admin that referenced this issue Nov 2, 2024
Set fake timezone for VMs with the "anon-timezone" tag.
Fixes QubesOS/qubes-issues#8381