pleom...@gmail.com:
> or the worst thing if hacker cant do this he can try to compromize 
> sys-firewall in the same way as sysnet bcs its the same topology.And after 
> compromizing sys-firewall then can do whatever he like.
> 

I'm not sure what you're trying to say here.  Anyway it should be
difficult to compromise sys-firewall, as the attack surface just isn't
that big.  But still possible, most likely.

Anyway after compromising sys-firewall, the attacker is still confined
to sys-firewall.  This just allows the attacker to observe and modify
network traffic, which is already a part of your threat model.  Right?

The attacker would need to break out to dom0 to "do whatever (s)he wants".

Andrew

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8858692c-819a-09ad-6cb3-aa881475d8c2%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Reply via email to