According to the description, it looks likely to affect Qubes. According to my experience, I remember getting in the shell (from a different reason) and it asked for a password. I believe this happened when upgrading to 3.2 due to a mountpoint issue. This suggests that Qubes is not affected, but I haven't tried the exact scenario in Qubes.
The key question, however, is: How does it fit to your threat model? In my case, attacker would need a physical access. In such casse, she can also boot from an USB device and do the same, maybe even more comfortably. I am aware that there are some examples (e.g. ATM) where this can be a real issue. Even for those cases, I doubt this is a massive threat. Such devices have usually a fairly limited keyboard, which can make the vulnerability unusable. (I am assuming that attacker cannot attach a custom keyboard.) Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9741b25a-5d21-45ec-9c79-d09690e57e8c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
