On Mon, Nov 14, 2016 at 5:49 AM, Sec Tester <sectesting0...@gmail.com> wrote: > Could open up a vulnerability if not done carefully. > > VM could use it to query and identify other VMs in existence on the system.
There are already several timing side-channel ways to do that. Example: AppVM$ time /usr/lib/qubes/qrexec-client-vm sys-net qubes.VMShell Request refused /usr/lib/qubes/qrexec-client-vm sys-net qubes.VMShell 0.00s user 0.00s system 1% cpu 0.180 total AppVM$ time /usr/lib/qubes/qrexec-client-vm does-not-exist qubes.VMShell Request refused /usr/lib/qubes/qrexec-client-vm does-not-exist qubes.VMShell 0.00s user 0.00s system 0% cpu 1.565 total In this case the difference in time is quite obvious because it blocks while an error dialog is open in dom0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_A70au%3DdsuwuWUbiL44xNngaXYxFuUCWGXXZGtQ%3D90ZRw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.