From c815304026d30f7774f804498d20431ccdf8dc7f Mon Sep 17 00:00:00 2001 From: Patrick Schleizer Date: Sat, 1 Jun 2024 14:12:57 -0400 Subject: [PATCH] readme --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d5cc076..5c9df4a 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ configuration file. - Set coredump file name based on core_pattern value instead of the default of naming it 'core'. -- Will disable `io_uring` interface for performing asynchronous I/O as it has +- Will disable `io_uring` interface for performing asynchronous I/O as it has historically been a significant attack surface. ### mmap ASLR @@ -478,6 +478,8 @@ See: - Deactivates previews in Nautilus - `/usr/share/glib-2.0/schemas/30_security-misc.gschema.override`. - Deactivates thumbnails in Thunar. + - rationale: lower attack surface when using the file manager + - https://forums.whonix.org/t/disable-preview-in-file-manager-by-default/18904 - Thunderbird is hardened with the following options: - Displays domain names in punycode to prevent IDN homograph attacks (a form of phishing).