On 12/01/2016 03:03 PM, entr0py wrote:

Currently any AppVM has persistent storage; it is referenced by
default at least as /home, /rw/config, /usr/local. And software is
executed from this persistent storage from the read-only system.

There may be additional persistent storage enabled as well[1].

This allows an adversary to install a persistent AppVM exploit e.g. via
~/.bashrc or /rw/config/rc.local. An advanced exploit can then hide its
own invocation script, so it won't be possible to detect it from the
running VM itself (at least after /rw/config/rc.local is executed;
so better check when the VM is turned off).

Hence, all untrusted activity should be performed in a disposableVM or 
untrustedVMs with nothing of value.

There are more threats from persistent malware than what has been discussed so far. As one example, the lax security within appVMs makes them an ideal target for launching attacks against other computers on a network. Another example is when long-term profiling of a victim's system is required before launching an attack.

If normal permission-based security is enabled in an appVM/domU, then there is a chance that system updates can render malware installations defunct. Actually, the chance of this working is much better on Qubes because no private.img-based rootkit can attempt to corrupt the update process. So one of Qubes' best features is partially negated by default: malware that got into the VM via an application vulnerability can easily persist as a kind of rootkit by simply adding a 'sudo ...' command to a user script.

The first step in addressing the issue is to follow the 'vm sudo' doc (disregarding the outdated explanatory part)...


I think given recent developments in computer security, re-enabling guest OS security will improve overall security on Qubes.
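As an added example (not code from this thread or from the Qubes project), a small Python audit of the persistence hooks named in the quoted text, meant to run over an offline copy of a VM's private volume rather than inside the running VM, which the quoted text says cannot be trusted to show the hook; the volume layout, the file list and the sample contents are assumptions.

```python
import os
import re
import tempfile

# Persistence hooks the thread names, as paths relative to the VM's private
# volume mounted offline. Assumed layout: private volume root = /rw, with
# /rw/home -> /home, /rw/config -> /rw/config, /rw/usrlocal -> /usr/local.
SHELL_HOOKS = ["home/user/.bashrc", "home/user/.bash_profile", "home/user/.profile"]
RC_LOCAL = "config/rc.local"
SUDO_RE = re.compile(r"(^|[;&|(\s])sudo\s")

def _active_lines(path):
    """Yield (line_no, text) for non-blank, non-comment lines; missing file yields nothing."""
    if not os.path.isfile(path):
        return
    with open(path, encoding="utf-8", errors="replace") as fh:
        for n, raw in enumerate(fh, 1):
            text = raw.strip()
            if text and not text.startswith("#"):
                yield n, text

def audit_hooks(root):
    """Return findings as (relative_path, line_no, reason, text).

    Shell dotfiles are flagged for sudo invocations (the persistence the thread
    describes); every active line in rc.local is reported for review, assuming a
    fresh AppVM ships that file with comments only."""
    findings = []
    for rel in SHELL_HOOKS:
        for n, text in _active_lines(os.path.join(root, rel)):
            if SUDO_RE.search(text):
                findings.append((rel, n, "sudo in user shell hook", text))
    for n, text in _active_lines(os.path.join(root, RC_LOCAL)):
        findings.append((RC_LOCAL, n, "active command in rc.local", text))
    return findings

def make_sample():
    """Build a constructed private-volume tree in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="private-img-")
    os.makedirs(os.path.join(root, "home/user"))
    os.makedirs(os.path.join(root, "config"))
    with open(os.path.join(root, "home/user/.bashrc"), "w") as fh:  # constructed
        fh.write("# .bashrc\nalias ll='ls -l'\nsudo /home/user/.cache/updater &\n")
    with open(os.path.join(root, "config/rc.local"), "w") as fh:  # constructed
        fh.write("#!/bin/sh\n# Executed at every VM startup\n/usr/local/bin/helper &\n")
    return root

if __name__ == "__main__":
    for rel, n, reason, text in audit_hooks(make_sample()):
        print(f"{rel}:{n}: {reason}: {text}")
```

The audit only covers the hooks the thread mentions; a modified binary under /usr/local or a changed file elsewhere in the private volume would need a separate comparison against the template.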

