'Re: [qubes-devel] Qubes Security Bulletin #22 (Critical bug)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Qubes Security Bulletin #22 (Critical bug)
From:       sowowsuchmailvery () onenetbeyond ! org
Date:       2015-10-30 7:06:03
Message-ID: 563316DB.7020609 () onenetbeyond ! org
[Download RAW message or body]


On 10/30/2015 12:13 AM, Axon wrote:
> Marek Marczykowski-Górecki:
> On Thu, Oct 29, 2015 at 03:46:13PM +0100,
> sowowsuchmailvery@onenetbeyond.org wrote:
> 
> Hello,
> 
> In my understanding, not even a grsec/pax kernel would have
> stopped this. For example Alpine Linux as dom0. Is it correct?
> Yes, any protection applied by dom0 is useless here, as the
> vulnerability allows direct escalation from any PV VM to complete
> system control.
> > > > 
> This is the sort of insane bug that haunts Qubes users' nightmares (or
> at least mine). The fact that it's been there for seven years is
> almost enough to make one want to throw up one's hands and reconsider
> this whole "using computers" thing.
> 
> On a more sober note, I was surprised by this comment in the QSB:
> 
> This bug might also be considered an argument for the view of
> ditching of para-virtualized (PV) VMs, and switch to HVMs,
> Seems like many (most?) of the serious Xen bugs *before this one*
> affected only HVMs. Out of the frying pan and into the fire?
> 
> or better yet: PVH VMs for better isolation.
> Sounds like the best (=least bad) option.

Attackers will always get what they want as long as it's not too
expensive compared to the results.

I see a point in setting up protection on all levels (not just by
isolation) and to make an attack harder, more resourceful and more
detectable.

Even in VMs we may have important files and don't want to give them to
someone else for cheap tricks, right?

Would Qubes OS consider this kind of approach and for example add some
hardening to the default VM templates? Or stick to the message of "the
sudoers file"? ;)

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/563316DB.7020609%40onenetbeyond.org. \
For more options, visit https://groups.google.com/d/optout.


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic