'Re: [qubes-devel] Exposed surface of the template used for the sys-* VMs'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-devel
Subject:    Re: [qubes-devel] Exposed surface of the template used for the sys-* VMs
From:       Andrew David Wong <adw () qubes-os ! org>
Date:       2016-12-28 7:28:08
Message-ID: 80407ed4-3aa6-a7e3-ad71-d19c031ea2af () qubes-os ! org
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 2016-12-27 11:38, 'David Shleifman' via qubes-devel wrote:
> One of the great things about Qubes OS is the reduction of the surface
> exposed to attacks [1].  The road to achieve this is discussed elsewhere [2].
> 
> Individual virtual machines such as sys-net, sys-firewall, and sys-usb
> indeed limit the exposed surface.   In Qubes 3.2 they are based on the
> Fedora template.   The exposed surface of this template is most likely
> bigger than the exposed surface of the Fedora-minimal template [3].
> What are the driving factors behind the decision to stick to the Fedora
> template as opposed to the Fedora-minimal template?  Has a template
> with a smaller kernel ever been considered?
> 

We haven't decided to stick to the Fedora template as opposed to the
Fedora-minimal template. We offer both. The Fedora-minimal template is
only appropriate for users who are willing and able to install many
programs on their own. It is not suitable as a general use template or
as a default template since it does not contain any of the programs that
the vast majority of users expect to be able to use.

In short, it would be a UX and support nightmare to set the
Fedora-minimal template as the default. Many users would be confused and
frustrated about why even basic things like 'sudo' and 'vi' aren't
available.

On the other hand, more advanced users find the ability to have a blank
slate to work with very appealing for innumerable purposes. The
Fedora-minimal template is meant for these users.

> 
> References
> ----------
> 
> [1] How is Qubes different from other security solutions? \
> https://www.qubes-os.org/doc/user-faq/#how-is-qubes-different-from-other-security-solutions
>  [2] See for instance, Software compartmentalization vs. physical separation. \
> http://invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf
>  [3] Fedora - minimal. https://www.qubes-os.org/doc/templates/fedora-minimal/
> 

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJYY2mEAAoJENtN07w5UDAwpJgP/1MHR9iW5Ae8AVJOr5+l4I53
xM7Eshjcv8tiV1TlugxqtWWxc7GUIOFoY11/I9p/yuLKRxwgVw7LY2fCM850l5dV
+Hf50wnPiKe3SQnwyswxHFaaF8QAAT1tOjo7EJcgTppEAdSlTnVmxuLX5YzH31zc
IO67Rac/TooKE49pegsXPzYVsrRCFKQZCzjNE0cvtw1i3vHYA9u6TirHns1bqOwE
LsAl2gmdIz0ilP27yDMVzWqp3F8gLDjnoTyWhggGe2oKGTIe4JfvOkBZEF2EBta1
gPRAgISxbppemfIwcSrPTvXKV9ijKato1ytC4hYDhDpgA+JywCzB+JYZxQ6LTEwT
Ymczt7PwoGH1y4oT0kGseQepsrlj+JQlXgqg9Lr/Bgix/E2j7rQe4l7e9G7Z4SAl
+fhFNdKgVE7z+WRf7QdYgVbKZY7AD45DossxckB/1cZhoTl+yOjQDGA2UWoyEptl
ktdx6hIfNjvEwOR+myPE2h6umadfZvl7jwZHdfhuBK4yqIjlL8eFqYJa7AjI/vmH
smucQU78Sh/vhBXmkPTkna7glLMr9qpBxKNbsBta+krF981bStWyM447rNy64rXQ
HR7GMjM6ga9bQFGjOPfg5fmLYtZJ55qm+vX4wEnSuPXRluqyg1cPZw46h7cYwfsG
PTZswBLjewTLgj2XrHLR
=knGT
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-devel" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-devel+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-devel@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-devel/80407ed4-3aa6-a7e3-ad71-d19c031ea2af%40qubes-os.org.
 For more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic