Apr 13, 2024, 06:46 by a...@qubes-os.org:

> On 4/12/24 4:50 AM, Gerhard Weck wrote:
>
>> [...]
>>
>> - Things may look different if an attacker could, via the Xen PV drivers,
>> break out of a Windows VM with QWT and compromise Xen, and therefore Qubes
>> itself. In this case, usage of a Windows VM with the insecure QWT may be
>> too risky in many, but not all, circumstances. So far, I found no
>> information if such a scenario is possible at all. What is the extent of
>> possible compromises of the Xen PV drivers - is it just local to the VM or
>> could it reach into Qubes itself? It would be helpful if this could be
>> clarified somehow.
>>
>> [...]
>>
>
> This was already clearly addressed in QSB-091:
>
>> Impact
>> -------
>>
>> If the Xen Project's Windows PV Drivers were compromised at build time,
>> all Windows qubes that have Qubes Windows Tools (QWT) installed may also
>> be compromised. If the drivers were not compromised at build time, then
>> there is no known vulnerability.
>>
>> Dom0 is not affected, even though the `qubes-windows-tools` package is
>> installed in dom0, since neither the dom0 package build process nor dom0
>> itself interprets these driver files. Rather, the purpose of this
>> package is merely to make the driver files available to the Windows
>> qubes in which QWT are installed.
>>
>
> In other words, only the Windows VMs using QWT are potentially at risk, not 
> dom0, Xen, or Qubes OS itself.
>


@adw, thank you. So, QWT does not directly affect the security of dom0 or other
non-Windows qubes.

Please also tell me whether QWT is deprecated, as unman kind of said, or not.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-devel/NvN0s7D--3-9%40tutanota.com.