Some examples of Default Root access possibly being exploited in Qubes.

===================
Looks like the DRAMA attack would require root access in a VM to compromise 
Qubes shared memory

"taskset 0x2 sudo ./measure -p 0.7 -s 16."

https://groups.google.com/forum/#!topic/qubes-users/qAd8NxcJB3I

=====================
I thought of a possible persistent attack vector that would survive even after 
rebooting the VM. 

If malware wrote itself into rw/config/rc.local, it could reinfect the 
system on every restart.
===================
=======================
Also, today I used the CLI command to move files between VMs

"qvm-copy-to-vm"

A dom0 prompt seems to be the only thing stopping an attacker spreading 
malicious code across the whole machine, including templates.

Using the DRAMA attack to authorize, bypass or spoof permission to transfer 
malware across the entire system.

A VM root password would just add that extra layer of prevention.
===================
All of these attacks could be mitigated with a password for root access in VM.

SELinux policies could also limit directories being read & written to.

I'm still studying Qubes OS, though. Perhaps there are existing security features in 
Qubes I'm unaware of that prevent these attacks without requiring a VM root 
password?

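Added example, not part of the original post: a baseline check for the rc.local persistence idea raised above, reporting any file under the qube's persistent config directory that was added, changed or removed since a known-good snapshot. The default directory /rw/config follows the path named in the post; the function names and the baseline file location are assumptions, and the baseline should be kept somewhere the checked qube cannot write.

```shell
#!/bin/sh
# Added example: detect drift in persistent startup scripts (e.g. rc.local).
# Usage (assumed CLI):  script baseline [DIR] > baseline.txt
#                       script check baseline.txt [DIR]

# snapshot DIR: print "sha256  ./relative/path" for every regular file in DIR.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# compare BASELINE DIR: print ADDED/CHANGED/REMOVED lines, return 1 on drift.
compare() {
    drift=$(snapshot "$2" | awk -v base="$1" '
        # Load the known-good manifest: 64 hex chars, two spaces, then the path.
        BEGIN {
            while ((getline line < base) > 0)
                want[substr(line, 67)] = substr(line, 1, 64)
        }
        {
            path = substr($0, 67); seen[path] = 1
            if (!(path in want))                       print "ADDED " path
            else if (want[path] != substr($0, 1, 64))  print "CHANGED " path
        }
        END { for (p in want) if (!(p in seen)) print "REMOVED " p }
    ' | sort)
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

case "${1:-}" in
    baseline) snapshot "${2:-/rw/config}" ;;
    check)    compare "$2" "${3:-/rw/config}" ;;
esac
```
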