diff --git a/basics_user/user-faq.md b/basics_user/user-faq.md index 723aca91..efb2f926 100644 --- a/basics_user/user-faq.md +++ b/basics_user/user-faq.md @@ -189,7 +189,7 @@ This website is hosted via GitHub Pages behind Cloudflare ([why?](#why-does-this Therefore, it is largely outside of our control. We don't consider this a problem, however, since we explicitly [distrust the infrastructure](#what-does-it-mean-to-distrust-the-infrastructure). For this reason, we don't think that anyone should place undue trust in the live version of this site on the Web. -Instead, if you want to obtain your own, trustworthy copy of this website in a secure way, you should clone our [website repo](https://github.com/QubesOS/qubesos.github.io), [verify the PGP signatures on the commits and/or tags](/doc/verifying-signatures/#verifying-qubes-code) (signed by the [doc-signing keys](https://github.com/QubesOS/qubes-secpack/tree/master/keys/doc-signing)), then either [render the site on your local machine](https://github.com/QubesOS/qubesos.github.io/blob/master/README.md#instructions) or simply read the source, the vast majority of which was [intentionally written in Markdown so as to be readable as plain text for this very reason](/doc/doc-guidelines/#markdown-conventions). +Instead, if you want to obtain your own, trustworthy copy of this website in a secure way, you should clone our [website repo](https://github.com/QubesOS/qubesos.github.io), [verify the PGP signatures on the commits and/or tags](/security/verifying-signatures/#verifying-qubes-code) (signed by the [doc-signing keys](https://github.com/QubesOS/qubes-secpack/tree/master/keys/doc-signing)), then either [render the site on your local machine](https://github.com/QubesOS/qubesos.github.io/blob/master/README.md#instructions) or simply read the source, the vast majority of which was [intentionally written in Markdown so as to be readable as plain text for this very reason](/doc/doc-guidelines/#markdown-conventions). We've gone to special effort to set all of this up so that no one has to trust the infrastructure and so that the contents of this website are maximally available and accessible. ### What does it mean to "distrust the infrastructure"? diff --git a/common-tasks/tips-and-tricks.md b/common-tasks/tips-and-tricks.md index a05f7b1d..64673eee 100644 --- a/common-tasks/tips-and-tricks.md +++ b/common-tasks/tips-and-tricks.md @@ -10,7 +10,7 @@ This section provides user suggested tips that aim to increase Qubes OS usabilit Opening links in your preferred AppVM ------------------------------------- -To increase both security and usability you can set an AppVM so that it automatically opens any link in an different AppVM of your choice. You can do this for example in the email AppVM, in this way you avoid to make mistakes like opening links in it. to learn more you can check [security guidelines](/doc/security-guidelines/) and [security goals](/doc/security-goals/). +To increase both security and usability you can set an AppVM so that it automatically opens any link in an different AppVM of your choice. You can do this for example in the email AppVM, in this way you avoid to make mistakes like opening links in it. to learn more you can check [security guidelines](/doc/security-guidelines/) and [security goals](/security/goals/). The command `qvm-open-in-vm` lets you open a document or a URL in another VM, it takes two parameters: vmname and filename. diff --git a/doc.md b/doc.md index 2ae0ccab..89dd1fb1 100644 --- a/doc.md +++ b/doc.md @@ -29,11 +29,12 @@ The Basics Security Information -------------------- - * [Security Main Page](/security/) - * [Security Pack](/doc/security-pack/) - * [Security Bulletins](/doc/security-bulletins/) - * [Canaries](/doc/canaries/) - * [Why and How to Verify Signatures](/doc/verifying-signatures/) + * [Security Center](/security/) + * [Security Pack](/security/pack/) + * [Security Bulletins](/security/bulletins/) + * [Canaries](/security/canaries/) + * [Xen Security Advisory (XSA) Tracker](/security/xsa/) + * [Why and How to Verify Signatures](/security/verifying-signatures/) * [Qubes PGP Keys](http://keys.qubes-os.org/keys/) Choosing Your Hardware @@ -49,7 +50,7 @@ Installing & Upgrading Qubes * [Qubes Downloads](/downloads/) * [Installation Guide](/doc/installation-guide/) * [Upgrade Guides](/doc/upgrade/) - * [Why and How to Verify Signatures](/doc/verifying-signatures/) + * [Why and How to Verify Signatures](/security/verifying-signatures/) * [Security Considerations when Installing](/doc/install-security/) * [Try Qubes without installing: Qubes Live USB (alpha)](/doc/live-usb/) * [Supported Versions](/doc/supported-versions/) @@ -214,15 +215,15 @@ The Basics Security Information -------------------- - * [Security Main Page](/security/) - * [Security Goals](/doc/security-goals/) - * [Security Pack](/doc/security-pack/) - * [Security Bulletins](/doc/security-bulletins/) - * [Security Bulletin Checklist](/doc/security-bulletins/checklist/) - * [Security Bulletin Template](/doc/security-bulletins/template/) - * [Canaries](/doc/canaries/) - * [Canary Template](/doc/canaries/template/) - * [Why and How to Verify Signatures](/doc/verifying-signatures/) + * [Security Center](/security/) + * [Security Pack](/security/pack/) + * [Security Bulletins](/security/bulletins/) + * [Security Bulletin Checklist](/security/bulletins/checklist/) + * [Security Bulletin Template](/security/bulletins/template/) + * [Canaries](/security/canaries/) + * [Canary Template](/security/canaries/template/) + * [Xen Security Advisory (XSA) Tracker](/security/xsa/) + * [Why and How to Verify Signatures](/security/verifying-signatures/) * [Qubes PGP Keys](http://keys.qubes-os.org/keys/) System diff --git a/installing/install-security.md b/installing/install-security.md index d41c60f7..c8327e56 100644 --- a/installing/install-security.md +++ b/installing/install-security.md @@ -76,7 +76,7 @@ Cons: other two options.) -[verify]: /doc/verifying-signatures/ +[verify]: /security/verifying-signatures/ [classic problem]: http://www.acm.org/classics/sep95/ [solutions]: http://www.dwheeler.com/trusting-trust/ [USB qube]: /doc/usb/#creating-and-using-a-usb-qube diff --git a/installing/installation-guide.md b/installing/installation-guide.md index f6930014..74af109f 100644 --- a/installing/installation-guide.md +++ b/installing/installation-guide.md @@ -121,7 +121,7 @@ Getting Help [Hardware Compatibility List]: /hcl/ [live USB]: /doc/live-usb/ [downloads]: /downloads/ -[verifying signatures]: /doc/verifying-signatures/ +[verifying signatures]: /security/verifying-signatures/ [security considerations]: /doc/install-security/ [Rufus]: http://rufus.akeo.ie/ [documentation]: /doc/ diff --git a/security-info/canaries.md b/security-info/canaries.md index 3f7fb287..f0be204d 100644 --- a/security-info/canaries.md +++ b/security-info/canaries.md @@ -1,13 +1,14 @@ --- -layout: doc +layout: security title: Canaries -permalink: /doc/canaries/ +permalink: /security/canaries/ +redirect_from: /doc/canaries/ --- Qubes Canaries ============== -Qubes Canaries are published through the [Qubes Security Pack](/doc/security-pack/). +Qubes Canaries are published through the [Qubes Security Pack](/security/pack/). 2015 ---- diff --git a/security-info/canary-template.md b/security-info/canary-template.md index bc6db262..6bd9cd20 100644 --- a/security-info/canary-template.md +++ b/security-info/canary-template.md @@ -1,7 +1,8 @@ --- -layout: doc +layout: security title: Canary Template -permalink: /doc/canaries/template/ +permalink: /security/canaries/template/ +redirect_from: /doc/canaries/template/ --- Canary Template @@ -20,11 +21,11 @@ View Canary # in the qubes-secpack: Learn about the qubes-secpack, including how to obtain, verify, and read it: - + View all past canaries: - + ``` ---===[ Qubes Canary # ]===--- diff --git a/security-info/security-bulletins-checklist.md b/security-info/security-bulletins-checklist.md index e35b34cc..877bfc49 100644 --- a/security-info/security-bulletins-checklist.md +++ b/security-info/security-bulletins-checklist.md @@ -1,7 +1,8 @@ --- -layout: doc +layout: security title: Security Bulletin Checklist -permalink: /doc/security-bulletins/checklist/ +permalink: /security/bulletins/checklist/ +redirect_from: /doc/security-bulletins/checklist/ --- Security Bulletin Checklist @@ -19,5 +20,5 @@ Announcement * Upload packages to `security-testing` and `current-testing` repositories * Push QSB to public repository - * Announce on the [mailing lists](/mailing-lists) using the [QSB Template](/doc/security-bulletins/template/) + * Announce on the [mailing lists](/mailing-lists/) using the [QSB Template](/security/bulletins/template/) * Announce on social media diff --git a/security-info/security-bulletins-template.md b/security-info/security-bulletins-template.md index eedefc57..dbde3870 100644 --- a/security-info/security-bulletins-template.md +++ b/security-info/security-bulletins-template.md @@ -1,7 +1,8 @@ --- -layout: doc +layout: security title: Security Bulletin Template -permalink: /doc/security-bulletins/template/ +permalink: /security/bulletins/template/ +redirect_from: /doc/security-bulletins/template/ --- Security Bulletin Template @@ -20,11 +21,11 @@ View QSB # in the qubes-secpack: Learn about the qubes-secpack, including how to obtain, verify, and read it: - + View all past QSBs: - + ``` ---===[ Qubes Security Bulletin #]===--- diff --git a/security-info/security-bulletins.md b/security-info/security-bulletins.md index d71e79d3..b111246f 100644 --- a/security-info/security-bulletins.md +++ b/security-info/security-bulletins.md @@ -1,8 +1,9 @@ --- -layout: doc +layout: security title: Security Bulletins -permalink: /doc/security-bulletins/ +permalink: /security/bulletins/ redirect_from: +- /doc/security-bulletins/ - /en/doc/security-bulletins/ - /doc/SecurityBulletins/ - /wiki/SecurityBulletins/ @@ -12,7 +13,7 @@ redirect_from: Qubes Security Bulletins ======================== -Qubes Security Bulletins are published through the [Qubes Security Pack](/doc/security-pack/). +Qubes Security Bulletins are published through the [Qubes Security Pack](/security/pack/). 2010 ---- diff --git a/security-info/security-goals.md b/security-info/security-goals.md index 4fd8b3a3..b746b05d 100644 --- a/security-info/security-goals.md +++ b/security-info/security-goals.md @@ -1,8 +1,9 @@ --- -layout: doc +layout: security title: Security Goals -permalink: /doc/security-goals/ +permalink: /security/goals/ redirect_from: +- /doc/security-goals/ - /en/doc/security-goals/ - /doc/SecurityGoals/ - /wiki/SecurityGoals/ diff --git a/security-info/security-pack.md b/security-info/security-pack.md index 0ade5886..f875f679 100644 --- a/security-info/security-pack.md +++ b/security-info/security-pack.md @@ -1,8 +1,9 @@ --- -layout: doc +layout: security title: Security Pack -permalink: /doc/security-pack/ +permalink: /security/pack/ redirect_from: +- /doc/security-pack/ - /en/doc/security-pack/ - /doc/SecurityPack/ - /wiki/SecurityPack/ @@ -20,7 +21,7 @@ Qubes Security Pack The **Qubes Security Pack** (`qubes-secpack`) is a Git repository that contains: * [Qubes PGP keys](https://keys.qubes-os.org/keys/) - * [Qubes Security Bulletins (QSBs)](/doc/security-bulletins/) + * [Qubes Security Bulletins (QSBs)](/security/bulletins/) * [Qubes warrant canaries](https://github.com/QubesOS/qubes-secpack/tree/master/canaries) * [Qubes Bitcoin fund information](https://github.com/QubesOS/qubes-secpack/tree/master/fund) * Security-related information and announcements (e.g., key revocations) @@ -221,7 +222,7 @@ verifying its contents, and reading them. a trustworthy source (ideally, multiple sources) *other than* this website and visually compare it (them) to the fingerprint displayed in the preceding step, ensuring they match. You can read more about digital signatures and - key verification [here](/doc/verifying-signatures/). + key verification [here](/security/verifying-signatures/). 4. Verify signed Git tags. diff --git a/security-info/security.md b/security-info/security.md new file mode 100644 index 00000000..48e05871 --- /dev/null +++ b/security-info/security.md @@ -0,0 +1,54 @@ +--- +layout: default +title: Security +permalink: /security/ +redirect_from: +- /en/security/ +- /en/doc/security/ +- /en/doc/qubes-security/ +- /doc/QubesSecurity/ +- /wiki/QubesSecurity/ +- /en/doc/security-page/ +- /doc/SecurityPage/ +- /wiki/SecurityPage/ +- /trac/wiki/SecurityPage/ +--- + +Qubes OS Project Security Center +================================ + +- [Security Goals](/security/goals/) +- [Security Pack](/security/pack/) +- [Security Bulletins](/security/bulletins/) +- [Canaries](/security/canaries/) +- [Xen Security Advisory (XSA) Tracker](/security/xsa/) +- [Why and How to Verify Signatures](/security/verifying-signatures/) +- [PGP Keys](http://keys.qubes-os.org/keys/) + +Reporting Security Issues in Qubes OS +------------------------------------- + +If you believe you have found a security issue affecting Qubes OS, either directly or indirectly (e.g. the issue affects Xen in a configuration that is used in Qubes OS), then we would be more than happy to hear from you! + +We promise to treat any reported issue seriously and, if the investigation confirms it affects Qubes, to patch it within a reasonable time, and also to release a public Security Bulletin that describes the issue, discusses potential impact of the vulnerability, references applicable patches or workarounds, and also credits the discoverer. + +The list of all Qubes Security Advisories published so far can be found [here](/security/bulletins/). + +The Qubes Security Team +----------------------- + +The Qubes Security Team can be contacted via email using the following address: + +~~~ +security at qubes-os dot org +~~~ + +### Qubes Security Team GPG Key ### + +Please use the [this GPG key](http://keys.qubes-os.org/keys/qubes-os-security-team-key.asc) for encrypting any emails sent to this address. Like all the GPG keys used by the Qubes project, this key is signed with the Qubes Master key. Please see [this page](/security/verifying-signatures/) for more information on how to verify the keys. + +### Members of the Security Team ### + +- Joanna Rutkowska \ +- Marek Marczykowski \ + diff --git a/installing/verifying-signatures.md b/security-info/verifying-signatures.md similarity index 99% rename from installing/verifying-signatures.md rename to security-info/verifying-signatures.md index 2d0e15e2..03f8e88f 100644 --- a/installing/verifying-signatures.md +++ b/security-info/verifying-signatures.md @@ -1,8 +1,9 @@ --- -layout: doc +layout: security title: Verifying Signatures -permalink: /doc/verifying-signatures/ +permalink: /security/verifying-signatures/ redirect_from: +- /doc/verifying-signatures/ - /en/doc/verifying-signatures/ - /doc/VerifyingSignatures/ - /wiki/VerifyingSignatures/ @@ -307,7 +308,7 @@ or [Qubes Master Signing Key]: https://keys.qubes-os.org/keys/qubes-master-signing-key.asc [keyserver]: https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29#Keyserver_examples -[Qubes Security Pack]: /doc/security-pack/ +[Qubes Security Pack]: /security/pack/ [devel-master-key-msg]: https://groups.google.com/d/msg/qubes-devel/RqR9WPxICwg/kaQwknZPDHkJ [user-master-key-msg]: https://groups.google.com/d/msg/qubes-users/CLnB5uFu_YQ/ZjObBpz0S9UJ [mailing lists]: /mailing-lists/ diff --git a/security/security-guidelines.md b/security/security-guidelines.md index 26b87e83..e28f16df 100644 --- a/security/security-guidelines.md +++ b/security/security-guidelines.md @@ -11,12 +11,12 @@ redirect_from: Security Guidelines =================== -The [Qubes introduction](http://theinvisiblethings.blogspot.com/2012/09/introducing-qubes-10.html) makes clear that without some active and responsible participation of the user, no real security is possible. So, for example, Qubes does not automagically make your Firefox (or any other app) running in one of the AppVMs suddenly more secure. It is just as [secure (or insecure)](https://en.wikipedia.org/wiki/Computer_insecurity) as on a normal Linux or Windows OS. But what drastically changes is the context in which your applications are used. [This context](/doc/qubes-architecture/) is a [responsibility of the user](/doc/security-goals/). But participation requires knowledge. So it is worth stressing some basic items: +The [Qubes introduction](http://theinvisiblethings.blogspot.com/2012/09/introducing-qubes-10.html) makes clear that without some active and responsible participation of the user, no real security is possible. So, for example, Qubes does not automagically make your Firefox (or any other app) running in one of the AppVMs suddenly more secure. It is just as [secure (or insecure)](https://en.wikipedia.org/wiki/Computer_insecurity) as on a normal Linux or Windows OS. But what drastically changes is the context in which your applications are used. [This context](/doc/qubes-architecture/) is a [responsibility of the user](/security/goals/). But participation requires knowledge. So it is worth stressing some basic items: Download Verification --------------------- -**Verify the authenticity and integrity of your downloads, [particularly Qubes iso](/doc/verifying-signatures/).** +**Verify the authenticity and integrity of your downloads, [particularly Qubes iso](/security/verifying-signatures/).** Standard program installation diff --git a/system/security-critical-code.md b/system/security-critical-code.md index c9fad6db..7fd9a5d2 100644 --- a/system/security-critical-code.md +++ b/system/security-critical-code.md @@ -14,7 +14,7 @@ Security-Critical Code in Qubes OS Below is a list of security-critical (AKA trusted) code in Qubes OS. A successful attack against any of those might allow to compromise the Qubes OS security. This code can be thought of as of a Trusted Computing Base (TCB) of Qubes OS. The goal of the project has been to minimize the amount of this trusted code to an absolute minimum. The size of the current TCB is of an order of hundreds thousands of lines of C code, which is several orders of magnitude less than in other OSes, such as Windows, Linux or Mac, where it is of orders of tens of millions of lines of C code. -For more information about the security goals of Qubes OS, see [this page](/doc/security-goals/). +For more information about the security goals of Qubes OS, see [this page](/security/goals/). Security-Critical Qubes-Specific Components -------------------------------------------