On 12/01/2016 03:03 PM, entr0py wrote:
> Currently any AppVM has persistent storage, it is referenced by
> default at least as /home, /rw/config, /usr/local. And software is
> executed from this persistent storage from read-only system.
> There may be additional persistent storage enabled as well.
> This allows an adversary to install persistent AppVM exploit e.g. via
> ~/.bashrc or /rw/config/rc.local. Advanced exploit can then hide its
> own invocation script, so it won't be possible to detect it from
> running VM itself (at least after /rw/config/rc.local is executed;
> so better check when VM is turned off).
> Hence, all untrusted activity should be performed in a disposableVM or
> untrustedVMs with nothing of value.
There are more threats from persistent malware than what has been
discussed so far. As one example, the lax security within appVMs makes
them an ideal target for launching attacks against other computers on a
network. Another example is when long-term profiling of a victim's
system is required before launching an attack.

If normal permission-based security is enabled in an appVM/domU, then
there is a chance that system updates can render malware installations
defunct. Actually, the chance of this working is much better on Qubes
because no private.img-based rootkit can attempt to corrupt the update
process. So one of Qubes' best features is partially negated by default;
malware that got into the VM via an application vulnerability can easily
persist as a kind of rootkit by simply adding a 'sudo ...' command to a

The first step in addressing the issue is to follow the 'vm sudo' doc
(disregarding the outdated explanatory part)...

I think given recent developments in computer security, re-enabling
guest OS security will improve overall security on Qubes.
You received this message because you are subscribed to the Google Groups
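An added example, not code from either poster or from the Qubes project, of the "check when the VM is turned off" step entr0py recommends: an offline scan of an AppVM's persistent volume for the autostart hooks the thread names (/rw/config/rc.local, ~/.bashrc) plus a few neighbouring ones, with a hash baseline so later changes stand out and a grep for the kind of added 'sudo ...' line the reply describes. It assumes the Qubes 3.x private-volume layout (config/, home/, usrlocal/ at the root of what the VM sees as /rw), that the VM is powered off, and that the volume is mounted read-only from a trusted domain (a dedicated inspection VM is safer than dom0, since mounting an untrusted filesystem means parsing it). The hook list is an assumed, non-exhaustive set; as entr0py notes, an advanced implant can hook elsewhere, so a clean baseline diff is more reliable than any fixed list.

```shell
#!/bin/sh
# Added example (not from the thread or the Qubes project): scan a mounted
# AppVM private volume for boot/login hooks. Run with the VM OFF, from a
# trusted domain, against the volume root (the VM's /rw). Assumed layout:
# config/, home/, usrlocal/ under that root (Qubes 3.x).
set -eu

# Assumed list of locations executed at boot or login. Not exhaustive.
HOOKS="config/rc.local
config/qubes-firewall-user-script
home/user/.bashrc
home/user/.bash_profile
home/user/.profile
home/user/.xsessionrc
home/user/.config/autostart
home/user/.config/systemd/user
usrlocal/bin
usrlocal/lib"

# list_hooks ROOT: print every existing hook file under ROOT, one per line.
list_hooks() {
    root=$1
    printf '%s\n' "$HOOKS" | while IFS= read -r rel; do
        p="$root/$rel"
        if [ -d "$p" ]; then
            find "$p" -type f | sort
        elif [ -f "$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# snapshot ROOT: sha256 of each hook file, path relative to ROOT.
# Save this output while the VM is known clean; it is the baseline.
snapshot() {
    root=$1
    list_hooks "$root" | while IFS= read -r f; do
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s  %s\n' "$sum" "${f#$root/}"
    done
}

# compare BASELINE ROOT: diff the current snapshot against a saved one.
# Returns 1 (and prints the diff) if any hook file was added, removed or
# modified since the baseline was taken.
compare() {
    baseline=$1; root=$2
    if snapshot "$root" | diff -u "$baseline" -; then
        echo "no changes to persistence hooks under $root"
    else
        echo "persistence hooks changed under $root (see diff above)" >&2
        return 1
    fi
}

# flag_commands ROOT: heuristic grep of hook files for privilege
# escalation, download or reverse-shell idioms, comment lines dropped.
# Output: relative-path:line-number:line
flag_commands() {
    root=$1
    list_hooks "$root" | while IFS= read -r f; do
        grep -nEw 'sudo|curl|wget|nc|ncat|base64|eval|/dev/tcp' "$f" \
            | grep -v '^[0-9]*:[[:space:]]*#' \
            | sed "s|^|${f#$root/}:|" || true
    done
}

# Usage: scan.sh /mnt/private-volume            # list hooks and flag lines
#        scan.sh /mnt/private-volume baseline   # diff against saved snapshot
if [ $# -ge 2 ]; then
    compare "$2" "$1"
elif [ $# -eq 1 ]; then
    snapshot "$1"
    flag_commands "$1"
fi
```

Take the baseline snapshot right after the VM is set up, store it outside the VM, and re-run compare after any session that handled untrusted input; a change to rc.local or a new .desktop file under autostart shows up in the diff even if the implant hides itself from inside the running VM.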