^ Well, it's only a local vulnerability and it doesn't seem likely (or possible) that anybody would boot the ISO and then have several other users log in and thus allow one of them to exploit the hole.
I don't think firefox-esr allows for the context switching that the exploit is based on so the setup should be OK otherwise (AFAIK).
I missed the "local" bit, from what I read it could be a web page (theoretically), but can't find the proper link right now.
edit, this: https://www.bleepingcomputer.com/news/s … e-attacks/
Last edited by brontosaurusrex (2018-01-08 09:56:35)
Firefox v57.0.3 could be used as an attack vector, yes, but v57.0.4 has had its fancy timing system crippled to break this.
The firefox-esr package used by #! (and BL) does not have this "feature" and so is "safe" to use.
Holy cow, just bumped upon this thread and sounds really interesting. Honestly I'm willing to experiment with anything that runs on less and less resources, so I will definitely give this a try.
Updated the image to kernel 4.15.5, it now has full generic retpoline and __user pointer sanitisation along with the PTI mitigation so both Spectre and Meltdown are covered.
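A quick way to confirm what the post above describes (added example, not part of the thread): since Linux 4.15 the kernel reports its own view of each issue under /sys/devices/system/cpu/vulnerabilities/, so the PTI, retpoline and __user pointer sanitisation mitigations can be checked from the booted live system rather than trusted from the kernel version alone. The optional directory argument is only there so the function can be run against a constructed copy of that directory.

```shell
#!/bin/sh
# Added example (not from the thread): report the kernel's own view of its
# Spectre/Meltdown mitigations. Each file under the vulnerabilities directory
# reads "Not affected", "Mitigation: ..." or "Vulnerable...".
# Usage: check_mitigations [DIR]
#   Prints one line per issue and returns 1 if any entry is still "Vulnerable".
check_mitigations() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue          # no such directory: older kernel
        name=$(basename "$f")
        status=$(cat "$f")
        case "$status" in
            Vulnerable*)    verdict="VULNERABLE"; rc=1 ;;
            Mitigation:*)   verdict="mitigated" ;;
            "Not affected") verdict="not affected" ;;
            *)              verdict="unknown" ;;     # e.g. "Unknown: ..." entries
        esac
        printf '%-16s %-13s %s\n' "$name" "$verdict" "$status"
    done
    return $rc
}

# Stand-alone run against the real sysfs directory of the running kernel.
check_mitigations "$@" || echo "WARNING: at least one issue is still reported as Vulnerable"
```

On the 4.15.5 image from the post you would expect meltdown to read "Mitigation: PTI", spectre_v1 "Mitigation: __user pointer sanitization" and spectre_v2 "Mitigation: Full generic retpoline".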
Added dnssec-trigger because my "hardcoded" configuration didn't work and also a menu entry for the network manager (grml-network).
OK, finally fixed the resolv.conf issue and stopped dhclient from overwriting the nameservers.
New version uploaded now.
Updated the image and managed to strip 60MiB off after realising that /boot/* isn't needed in the live system.
It's now at 809MiB, which is pretty good for the functionality on offer.
I also now have the means to produce an installable system for this — if there was any interest I could package up the configuration changes and push out an installer ISO.
— if there was any interest I could package up the configuration changes and push out an installer ISO.
I would be interested
^ Noted
It may take a while but it should be fairly simple because I have removed all of the BunsenLabs packages from this desktop and it uses pure Debian repositories (apart from the Liquorix kernel) and so only needs some configuration files in a single package to set it all up 8)
Updated the image to kernel 4.15.11
Also added xserver-xorg-video-qxl for improved performance under KVM/QEMU with SPICE.
Is this an installable iso?
^ No, not yet, that will have to wait until after Helium is released so it doesn't distract me too much
ok - no worries
Another image update: new kernel & firefox-esr version.
Under the hood I have restructured the configuration from a hacky /etc/skel method to a more refined sharp-user-setup script activated by /etc/X11/Xsession.d/22-sharp-user-setup (this is in line with BunsenLabs' method).
The obsession package has been removed and replaced with sharp-exit.
Now that the Helium release is imminent I will start to look at packaging up the configuration (perhaps with a sharpbang-desktop-task) and making an installable ISO image.
Awesome work Head_on_a_Stick.
Awesome work Head_on_a_Stick.
I know this is an old thread, but...
Thanks, Head_on_a_Stick! I got a new laptop and used sharpbang-buster-10.5.0-amd64.hybrid.iso for the installation. Of course I've tweaked a bunch of things to suit my own tastes, but this was a great way to get up and running.