On Wednesday, 12 October 2016 19:50:10 UTC+11, Robert Mittendorf  wrote:
> Well, the discussion leaves the focus I intended it to have.
> It is surely worth thinking about what a minimum templates needs to have.
> Nevertheless I think Qubes is about "I know I can get exploited, so just 
> protect the other parts of the system". Afaik a normal Qubes template 
> has only the root user, so after an exploit the attacker is root in that 
> VM right?

By Default, yes, unless you actually secure your templates properly.
If you secure the templates, they would have a very very very hard time even 
thinking about getting root access in a template.

> My thoughts are more about continuing the attack to other QubesVMs or 
> even other systems by means of installed Software like a VNC client.

In general, they can't.
Unless you are meaning gaining access via the Dom0 passthru system where you 
can copy files to other vms?
Or unless you are using an InterVM machine, like I do. But I only ever allow 
the ports I require to be used at that time. I do have one area that is set up 
as a complete, but they can only talk to each other, nothing else.

So if you configure Qubes correctly, including the VMs, it will be very 
difficult to actually attack other VMs in the way I think you may be thinking 
it's easy?

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to