A new Subgraph OS Alpha ISO is available for download.

(Onionshare and Ricochet now work out of the box, fully sandboxed)

New features: Alpha release 3

1. ROFLCoptor Tor Control Port Filter and State Tracker Daemon

ROFLCoptor filters Tor control port traffic. It is configured with application-specific security policies to limit what actions may be performed through the control port. ROFLCoptor also includes integration with OZ for dynamic port forwarding capabilities to support fully sandboxed applications that create ephemeral Tor hidden services, such as OnionShare, Ricochet, and Bitcoin core.

2. OnionShare

Subgraph OS now includes OnionShare. OnionShare is an application for sharing files securely and anonymously over the Tor network. OnionShare is fully sandboxed in OZ and has been integrated into the Nautilus file manager (right-click on file to share over OnionShare).

3. Ricochet

Ricochet is an anonymous peer-to-peer instant messager. It is different from other instant messagers because instead of using central chat servers, users connect directly to one another over Tor hidden services. Ricochet runs fully sandboxed in OZ.

4. Subgraph OS Handbook

We have included our documentation in the operating system. A shortened version can be read from the desktop (using yelp). The complete documentation (HTML, PDF) can be found in the following directory: /usr/share/sgos-handbook/

Improvements and bug fixes

Our last ISO was released in June. There have been many improvements and fixes since. We'd like to highlight a few major ones.

1. Our Grsecurity kernel has been upgraded to version 4.8.15

Among other improvements, this fixes the "Dirty COW" vulnerability (CVE-2016-5195). We addressed this vulnerability earlier for users who have installed Subgraph OS. It is now addressed in the live disc as well.

2. MAC address spoofing has been fixed

For as long as memory serves, Linux users have used if-pre-up scripts to accomplish MAC spoofing for network interfaces. A number of years ago changes in NetworkManager broke this functionality. This bug first reported in 2010 remained unfixed until a couple of years ago, however the implemented fix via nm-dispatcher did not actually allow for MAC Spoofing and was only helpful for bringing up iptable rules.

Thankfully a reliable method was implemented via udev to spoof on boot. Recently, NetworkManager started implementing some new MAC spoofing technics of its own. However these are not yet fully capable, and broke the udev technique in passing. Thankfully upstream quickly provided a fix this time around. This means that our udev based mechanism works again. This required a configuration change for NetworkManager to "preserve" spoofed MAC addresses.

3. Audio issues addressed in OZ

We have updated the PulseAudio configuration to correct audio-related issues in sandboxed applications.

4. Application firewall improvements

The application firewall now includes "system" rules. These are the default rules for Subgraph OS. With this upgrade, they are now treated differently than the user-defined rules. The firewall settings UI has been updated to reflect this change. We have also improved the usability of the firewall settings UI and Prompt.

5. OZ now includes support for dynamic forwarders

Dynamic forwarders lay the groundwork for running servers in the OZ sandbox. This has enabled us to support OnionShare, Ricochat, and Bitcoin core, which all both start Tor hidden server servers in the sandbox. Incoming client connections are forwarded into the sandbox.

6. This release addresses the APT signature verification vulnerability

(CVE-2016-1252)

CVE-2016-1252 is now addressed in the live disc. Subgraph OS is only distributed for the x64 architecture, so it was not believed to be at risk. This release closes the vulnerability completely.

7. Port to gosecco

In this release we have integrated a new Go seccomp-bpf library developed by the ThoughtWorks Tiger team. Gosecco allows us to create more expressive and efficient policies for our sandboxed applications.

Acknowledgements

We would like to thank everybody for all of your help and feedback during the Alpha. We expect to have a Beta out sometime in 2017. There are some people we'd like to call out specifically:

Stephen Watt (@uT_infection) for a bunch of stuff, notably assisting greatly with porting the seccomp-bpf policy generator to gosecco as well as the early version of the log monitor
Leif Ryge (@wiretapped), Claudio Guarnieri (@botherder), Will Scott (@willscott), Special (@jbrooks_), Donncha O'Cearbhaill @DonnchaC, and Rafael Bonifaz (@rbonifaz) for testing and valuable feedback
@david415 for contributing ROFLCoptor + some help from @wiretapped
Alison Macrina (@flexlibris) for numerous bug reports and help testing
@femmetasm for testing, patient help bugfixing, and useful ideas
ThoughtWorks Tiger/Strike teams: Ola Bini (@olabini), Yakira Dixon (@ultrastoic), Rosalie Tolentino (@rosatolen), Chelsea Komlo (@chelseakomlo), Fan (@tcz001), Tania Silva (@tdruiva), Reinaldo Junior (@reinaldojunior), Ivan Pazmino (@iapazmino) for: CoyIM, gosecco