hib0...@gmail.com:
> This part of the file system is not rewritten on every boot. Are you
> constantly somehow verifying your VM every boot, every 5 minutes, every web
> page load? Or are you restoring from a backup every boot or worse rebuilding
> the entire VM from a template every time you need it? Do you just not care
> that this VM could be under nefarious control and let the perpetrator read
> your email etc?

Actually, I think it is, but I could be wrong. I'm no expert so I hope someone jumps in and corrects me, but as I understand it, /rw and /home are the only persistent directories, and they are local to the VM. Everything else is mounted as a temporary snapshot of a file owned by the template (meaning the named TemplateVM can make persistent changes to it), except for tmpfs filesystems like /run and /tmp. So, malware could make itself persistent by infecting ~/.bashrc for example, but `dnf install` or /usr/bin/audacious would go back to its original state after a reboot.

If it were up to me (and I had the necessary time and skills), I would harden all the things. Dom0 and DomUs alike. SELinux, AppArmor, Grsec, musl, even OpenBSD where possible, and of course restricted root access. Let the user incrementally disable security features if their favorite apps don't work.

Xen is nice, but it's no panacea. I think about two years ago Xen got hit pretty hard with a raft of critical security vulns and it caused a bit of controversy in the community.

Nevertheless I realize all this isn't easy and I appreciate the amount of effort the developers have gone to in order to give us the Qubes we have today. Qubes could be better, but there's a reason all of us left our previous OSes after all, isn't there?
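If, as the reply above describes, only /rw and /home persist across reboots, the kind of verification the quoted question asks about only has to cover those directories. The sketch below is an added example, not part of the original thread and not Qubes code: it hashes files under the persistent roots and diffs them against a baseline. The function names and the temporary directory layout in `demo()` are constructed for illustration, and it assumes the baseline is kept somewhere the checked VM cannot write to.

```python
import hashlib
import os
import tempfile

def snapshot(roots):
    """Map every regular file under the given roots to its SHA-256 digest."""
    manifest = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                if os.path.islink(path) or not os.path.isfile(path):
                    continue  # skip symlinks, sockets, FIFOs
                digest = hashlib.sha256()
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                manifest[path] = digest.hexdigest()
    return manifest

def diff(baseline, current):
    """Report files added, removed or changed since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo():
    """Run the check on a constructed stand-in for a VM's persistent dirs."""
    with tempfile.TemporaryDirectory() as vm:
        home = os.path.join(vm, "home", "user")
        rw = os.path.join(vm, "rw", "config")
        os.makedirs(home)
        os.makedirs(rw)
        bashrc = os.path.join(home, ".bashrc")
        with open(bashrc, "w") as fh:
            fh.write("alias ll='ls -l'\n")
        roots = [os.path.join(vm, "home"), os.path.join(vm, "rw")]
        baseline = snapshot(roots)
        # Constructed changes standing in for an unwanted persistent edit.
        with open(bashrc, "a") as fh:
            fh.write("# constructed extra line\n")
        with open(os.path.join(rw, "new-script.sh"), "w") as fh:
            fh.write("#!/bin/sh\n")
        report = diff(baseline, snapshot(roots))
        return {k: [os.path.relpath(p, vm) for p in v] for k, v in report.items()}

if __name__ == "__main__":
    print(demo())
```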