"is single user in each VM because it is assumed that the kernel is not trustworthy."
Can you elaborate it a bit? I don't get what you mean. Are you assuming that compromising a jailed an unprivileged web browser is the same as running it as root? "higher security and performance can perhaps be achieved by using stuff like unikernels running stripped-down apps or services" 100% agree. "why publish a PDF? It's not linkable, hard to quote... Why not a post on a blog?" Not linkable...? I don't have a blog. Maybe I should start one. Thanks for the suggestion. El jue., 16 dic. 2021 23:21, Manuel Amador (Rudd-O) <rud...@rudd-o.com> escribió: > > > On December 16, 2021 8:25:19 AM GMT+01:00, Hugus Maximus < > skydive...@gmail.com> wrote: > > > >Hi all, > > > >I just published document discussing some well known security > limitations > >of Qubes OS: > > > >https://www.pentest.es/Demystifying_QubesOS_Security.pdf > > I will review it. > > That said, the security model of Qubes is single user in each VM because > it is assumed that the kernel is not trustworthy. So some of your > suggested measures, given the official postulates of the Qubes project, are > pointless. > > I personally think that higher security and performance can perhaps be > achieved by using stuff like unikernels running stripped-down apps or > services (single-process VMs which start in milliseconds). Genode is > making headway in that direction without the need for unikernels or > virtualization. > > Question: why publish a PDF? It's not linkable, hard to quote... Why not > a post on a blog? > > -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/CA%2Bi0rxskPFuBAYeQ_rW6qr4Hjyb-KZJWWk904fjKd1yr2xAM4w%40mail.gmail.com.