-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Michael Singer:
> I am looking for a really secure way to use Qubes for searching not > only a hard drive for file names, but for text that is in files. > > The goal is to avoid an exploit in the searched files leading to a > takeover of the hard drive by malware. > > The total size of all my files is too large for me to put them all > in one qube before searching for text in them. > > Would it perhaps be possible to mount only a single partition of the > hard drive into a qube, but not with write permissions, only read > permissions? Yes, e.g. like this: $ qvm-block attach --ro destinationvm sys-usb:sda1 Then you can decrypt and mount the read-only /dev/xvdi in the destination VM. > I would do the search on command line, using "grep" for plain text > files, "pdfgrep" for PDFs, and something for table files, databases, > etc. > > Is my idea feasible? And how secure would it be? Sounds fine to me. But malicious content could still exploit the destination VM, so consider attaching to a DisposableVM (after switching off its networking). If your partition is LUKS1[1] encrypted, Split dm-crypt[2] might be convenient. Its default behavior is to attach the decrypted partition to an offline DisposableVM: $ qvm-block-split attach --ro sys-usb:sda1 [1] TODO: LUKS2 support [2] https://github.com/rustybird/qubes-split-dm-crypt Rusty -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEhLWbz8YrEp/hsG0ERp149HqvKt8FAmC41rFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDg0 QjU5QkNGQzYyQjEyOUZFMUIwNkQwNDQ2OUQ3OEY0N0FBRjJBREYACgkQRp149Hqv Kt/Lyw//cZIGHFtGNqEbBSIoNlWgNuxQxpfbaNrgkfnRyzqRQgJ99qgZU7rCJmTq OygfKEE+Iwgnn6MdYDjvIG1JSAAW6hBonAYDpIGRNWFdJGHppJvxOvVSH7zlni/8 xwQjrn2X3NnMhlEBLNMibyx5Sc7GpId+/nEaz3UXhb1g7METBk1AVzLc20HOT5Ga 5zeaBz+6BoXi7YUoBYkCgU2GbuiOK6ZGgTJ5ekCP+iT0tTbZ8s97XNmmBe2oPHgP IHpPBgezjnG8az7Z7uRC1BHYQQx4mKEC2K9LOSUmWkqZiPFmJ+OYgdAt4GSzJjka TvJQK17rNuFy3+vvfipmI94IhBClV0PnT55YKQgE1KBEyxi5Rs179wIY5Jx68emp BgpFUdsUK1CPxbdPixUESLf2jzkgQwN9h1GtFiX5sFWdldAUXqyHEmKobnyxAQEG Hz6S2d2SiR88USW1D4f/dFsRSi3ef1EcCKI6nzTISnJ+vHWFG6r6gzTSN4pHWpI0 irbGR4KfI1rAwk9fk4YV+BFSXhHI8af17mvU3ot9qB2lI1JfIljMBG6se7ad2YDd FdMJVwtkuJmRCf9PfG3InB2wqX71eIwKFlb+oviAcyGJZHvEH2wdmeiQCj6jhPCw hHUtGl0eVHrVGV4hw34oCzjoaM1V+8TU5msvxd6lTIgAcrUqFZ8= =7/h+ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/YLjAMaVc8KFVSWSp%40mutt.
