[email protected]: > or the worst thing if hacker cant do this he can try to compromize > sys-firewall in the same way as sysnet bcs its the same topology.And after > compromizing sys-firewall then can do whatever he like. >
I'm not sure what you're trying to say here. Anyway it should be difficult to compromise sys-firewall, as the attack surface just isn't that big. But still possible, most likely. Anyway after compromising sys-firewall, the attacker is still confined to sys-firewall. This just allows the attacker to observe and modify network traffic, which is already a part of your threat model. Right? The attacker would need to break out to dom0 to "do whatever (s)he wants". Andrew -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/8858692c-819a-09ad-6cb3-aa881475d8c2%40riseup.net. For more options, visit https://groups.google.com/d/optout.
