> or the worst thing if hacker cant do this he can try to compromize 
> sys-firewall in the same way as sysnet bcs its the same topology.And after 
> compromizing sys-firewall then can do whatever he like.

I'm not sure what you're trying to say here.  Anyway it should be
difficult to compromise sys-firewall, as the attack surface just isn't
that big.  But still possible, most likely.

Anyway after compromising sys-firewall, the attacker is still confined
to sys-firewall.  This just allows the attacker to observe and modify
network traffic, which is already a part of your threat model.  Right?

The attacker would need to break out to dom0 to "do whatever (s)he wants".


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
To view this discussion on the web visit
For more options, visit

Reply via email to