Hi, is there a way to connect to appvm console directly from qubes login screen? The reason for doing this is to give access to internet to other user while not giving him possibility to access anything else, he will be locked in virtual machine, neither usb copying will be allowed. What is your opinion on this? What about security issues?
thanx for advice. jan Dňa pondelok, 3. mája 2010 12:33:07 UTC+2 Joanna Rutkowska napísal(-a): > > On 05/01/2010 01:11 AM, Peter Moody wrote: > > Howdy, > > > > I have a somewhat strange use-case; I like to try and use qubes (or > > something like qubes) to protect not only the user applications (and > > appvms) from each other, but as an administrator, I also want to set > > this up so that the user can't bypass my additional policy. > > > > Qubes does not pretend to be a multi-user system. > > We originally discussed some possibilities of creating unprivileged > (multi) user account(s) in Dom0, so that e.g. user Alice didn't have > access to user's Bob's AppVMs. But Rafal immediately came up with a > dozen on of potential attack vectors from such unprivileged user > accounts to system admin (root), that we decided to give up on this. The > biggest problem here is that the Xen infrastructure, e.g. the Xen Daemon > (xend)'s management interface, has not been designed to allow for secure > control of Xen by an unprivileged user. So, there doesn't seem to be a > secure way to e.g. allow user Alice to talk to Xend in order to control > her VMs, but at the same time to not introduce huge attack surface that > might let her escalate to root. > > Plus, there are many other avenues for a user that has physical access > to the machine to escalate themselves to root. E.g. they can boot system > in single user mode (this will be in the future prevented as a side > effect of using Intel TXT trusted boot). Or the user might insert a > Firewire/PCCARD and again gain full control over the system (this will > be in the future prevented via more fine-grained VT-d permissions and > isolated storage domain). > > So, for the above reasons, we currently do not plan to implement support > for multi-users for Qubes. We just know it cannot be done securely in > the moment. > > We currently try to protect the user from various threats, rather than > protect the system from the user. > > Obviously other OSes, like Windows or Mac, are not any better in terms > of multi-user security. > > joanna. > > -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/e557bb7e-b258-49e2-b3e4-af578614b73e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
