-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-07-02 05:30, Franz wrote: > With Qubes release 3.x, having USB controller(s) default assigned > to sys-usb and Xen meddling checking shared resources between > different USB controllers, it is even more difficult than R2 to > use external USB music hardware, either for output or input. > > So I wonder: why not using sys-usb as a music hub? Everything is > already assigned and all you have to do is plug in external USB > devices. > > Well, now all music I'm playing on other hardware are mp3 > downloaded from internet, which means sources that I cannot > control and eventually compromised. So this may result in > compromising sys-usb. Consequences? I do not know, but I do know > that the color of sys-usb is default red, so this may not be a > mayor problem. > > What do you think? > > I have seen that default sys-usb does not has a sys-net VM. It may > be possible to leave it as it is, playing music saved on a USB > medium, or it may be even more convenient to connect sys-usb to a > sys-net VM to directly play music from youtube, internet radios, > etc. Would you do that? > > Best Fran >
- From a security perspective, I think you're right. sys-usb and sys-net (in some cases, they may be combined) should be assumed to be compromised, which means that we should assume that an attacker could be using sys-usb to do anything (including play music files). If we're already assuming that an attacker could be doing this, why shouldn't you (the actual owner of the system) not do it yourself, if you want to? - From a practical perspective, your performance may not be very good if memory balancing is disabled and a low amount of memory is assigned to the VM, so you may want to adjust this. (You wouldn't adjust this to benefit an attacker, though, so the analogy may start to break down here.) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJXd8pHAAoJENtN07w5UDAwqJYP/2n4dkvRYPinkD0XpBlrvE5Y mGAZ5r9ILgngl+J1GnbsSsVZ1LroxuB5IeRfoZKNIJ6YvpSXfrDzg3bo1L/9jP8y ItpynJyyZB5VPN7d3QVLgbjef0M1efOgNGz0LppowbmZVCbYqniE3m0bKvbbPGPp 2VFM+qS6jkWiTQxsiGzPiDH0nCiMV7DO5V8Sin84gsWpi+C7/MAC/aE0pXqabPXB 7krqH6gSV73cXMOTjVrlMdtudoVShC0GrTvUEnLgjZekGkAat/6t/QgNXYtg85Ba 0b2SeRZYL0jbQvbRJdrzkRl7sPc/MNBo6SAaIYAE7m80lBRLfNmHCR+2KZfFO1oB 4OCK5MzwMCSedZACntEz6YIxo5EmuIcXJhit3Lch4YNaWoVLlWpiPZuEV0Zde7MN ygJJqL7OT1uJJiwBIMSP8nDigz0noyGsmKAS4ETD8G1dCAmxQUUObsvl8gqnrPyh o+Y+aXr4OkYVK4U5fZVZAxNtyuhZXzy1Qy9CxsAJJEODIr7kWq0SLKudCJQrOKyc 6bpNO6kj4tKx/2J3hh7tsOHrm5CJAgdohN97lbEKHjMNJSp3vuCa6Hb3t9xhmBgS g19C/WyeScqFjiNUqX+PvAEo/mleu2+npXlR6LpeITCtgdgQuoeIuN3EMvbgIZo7 kF6sJ6taZjwyPDOEOKSk =vWLK -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/54db7572-dc6a-ae43-78c8-e34ed21e5f64%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
