On Wednesday, 12 October 2016 19:50:10 UTC+11, Robert Mittendorf wrote:
> Well, the discussion leaves the focus I intended it to have.
> It is surely worth thinking about what a minimum templates needs to have.
> Nevertheless I think Qubes is about "I know I can get exploited, so just
> protect the other parts of the system". Afaik a normal Qubes template
> has only the root user, so after an exploit the attacker is root in that
> VM right?
By Default, yes, unless you actually secure your templates properly.
If you secure the templates, they would have a very very very hard time even
thinking about getting root access in a template.
> My thoughts are more about continuing the attack to other QubesVMs or
> even other systems by means of installed Software like a VNC client.
In general, they can't.
Unless you are meaning gaining access via the Dom0 passthru system where you
can copy files to other vms?
Or unless you are using an InterVM machine, like I do. But I only ever allow
the ports I require to be used at that time. I do have one area that is set up
as a complete, but they can only talk to each other, nothing else.
So if you configure Qubes correctly, including the VMs, it will be very
difficult to actually attack other VMs in the way I think you may be thinking
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to email@example.com.
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.