[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qubes-users
Subject:    Re: [qubes-users] PCMCIA card - how prevent to assigning to dom0 and start direct with sys-net?
From:       Marek =?utf-8?Q?Marczykowski-G=C3=B3recki?= <marmarek () invisiblethingslab ! com>
Date:       2015-10-31 13:34:30
Message-ID: 20151031133430.GP877 () mail-itl
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Sun, Oct 25, 2015 at 02:18:17AM -0700, niepowiem48@gmail.com wrote:
> Hello,
> 
> I have pcmcia wifi card and I want start its with sys-net (device is assigned to \
> sys-net) When I put card into pcmcia slot cart its firstly assigned to dom0 and \
> next I can start sys-net. Without assignig this card firstly to dom0 I can't start \
> sys-net as there is message showed info "there is no device" or something simillar. \
>  How prevent assignig this card to dom0 and start this device only in sys-net?

If you plug the card before starting the system, it will be assigned to
xen-pciback driver (which among other things, prevents dom0 driver
touching the device). But this is done automatically only at system
startup. If you plug the device later, there is no such mechanism
currently.

Anyway there is nothing in dom0 which would configure the device, so if
the device itself isn't malicious, dom0 would not be exposed for network
access.

@Joanna: should we add some udev rule to automatically attach such
devices to xen-pciback driver? Allowing hotplug of DMA capable devices
to dom0 isn't a good idea, but but at least we could have some
mitigation factor.

- -- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJWNMNmAAoJENuP0xzK19cssb4H/RFlJBo1eRfdUDt+ei+ngsc0
uafgxR6YFTUBhZjjfrPpXktjv83WYxDPosFP8jrHYDmoFK3f9mLL+juX+WelWg9b
sBpXlIjqlKEXiyyTuJSkruTLqUWKAyQshJROag5YMfw5GEZxf80ScDDmte6XI4hG
eEbNcOWd026GaL6LDmFBgSuYemnmy9yGwFY/+mMhOpbBwsNAlE6E8Z/b/JHNPAf7
L0gIPHih9AqM9AzGYSXgHWOaulwC0aOaCYcE7JrKEiIhwEE+E1XIPsQR63wTbVu3
cYums2h5MlU/5bf0mgtxiRksy/3F7JY5rYHw4ikNKYXfrSj13XF/+lHunVKk/HI=
=ljAg
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups \
"qubes-users" group. To unsubscribe from this group and stop receiving emails from \
it, send an email to qubes-users+unsubscribe@googlegroups.com. To post to this group, \
send email to qubes-users@googlegroups.com. To view this discussion on the web visit \
https://groups.google.com/d/msgid/qubes-users/20151031133430.GP877%40mail-itl. For \
more options, visit https://groups.google.com/d/optout.


[prev in list] [next in list] [prev in thread] [next in thread]