pleom...@gmail.com:
> But look every vms in qubes base on the same,so if someone compromize sys-net 
> VM then it should not be so hard to compromize other VMs.
> 

It would compromise sys-net.  Any writes to the template-based volume
(with /bin, /usr, /var, etc.) are discarded upon VM reboot.  They are
not written to the base template--only the template itself can do that.

It's possible malware could persist in sys-net, though, by compromising
its /rw partition, which *does* persist across reboots (but is only used
by that specific VM).  But even then: it only compromizes sys-net.

Andrew

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/cef64a3a-176c-0081-2b0e-fb67f7e30837%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Reply via email to