On Monday, January 23, 2017 at 10:00:09 PM UTC+3, raah...@gmail.com wrote: > On Monday, January 23, 2017 at 3:28:47 AM UTC-5, daltong defourne wrote: > > Hi! > > I've managed to plug a USB printer/scanner into Windows HVM via usbip (as > > workaround to current USB/PCI passthrough woes) > > > > Sharing with community: > > https://github.com/QubesOS/qubes-issues/issues/2597#issuecomment-274347172 > > > > NB! This thing requires that you have networking between windows HVM and > > your usbvm (or whatever the USB controller has been passed through to) > > can other appvms bet attacked by the usbvm after this setup?
in my humble opinion, usbip from usbvm is bearable, but definitely not very good security-wise. (it's a complex piece of software with obscure, occult behavior, and a daemon running as root on usbvm) using it to take over the usbvm from a compromised windows box is definitely within possibility. If your usbvm doesn't manage dom0's input devices and if it has no networking beyond windows-vm <-> usbvm path, attacker will be likely limited to dropping malware on flash drives you connect to usbvm and such So IMHO (don't quote me on this) it's not very bad and most of increased susceptibility happens on windows7<->usbvm path It's a trade-of (most things in life are :() -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a5df96cc-dde0-42a4-bba7-092f80b0ffd6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
