[email protected]: > But look every vms in qubes base on the same,so if someone compromize sys-net > VM then it should not be so hard to compromize other VMs. >
It would compromise sys-net. Any writes to the template-based volume (with /bin, /usr, /var, etc.) are discarded upon VM reboot. They are not written to the base template--only the template itself can do that. It's possible malware could persist in sys-net, though, by compromising its /rw partition, which *does* persist across reboots (but is only used by that specific VM). But even then: it only compromizes sys-net. Andrew -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/cef64a3a-176c-0081-2b0e-fb67f7e30837%40riseup.net. For more options, visit https://groups.google.com/d/optout.
