Nemo <wordswithn...@gmail.com> [2017-05-03 19:50 +0200]:
> I'm thinking an attacker could:
>
> 1 Take control of the VM through any given means, and gain the ability to
> edit the .desktop file
> 2 Alter the desktop file so that it opens a malware URL in the VM dedicated
> to web browsing
> 3 Send information from the Thunderbird VM to the less-trusted web browsing
> VM via coding in the URL
>
> The weakness is you're giving a persistent, user-editable file permission
> to control another VM - and the Qubes messaging service doesn't tell you
> exactly what action you are approving, and might even be set to "Yes to
> All" allowing transparent control by malware.
>
> If you DON'T set "Yes to All", then you are queried every time you open a
> webpage, and if you don't read every approval carefully an attacker could
> force a third, higher-trust VM to open a malware URL.

If an attacker can edit the contents of your home folder, he/she can accomplish the same by creating new *.desktop and mimeapps.list files in ~/.local/share/applications/. Changes in the home directory stay persistent unless it is a DispVM.

--
ubestemt
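
An added example, not part of the original message: a read-only audit of the per-user files the reply names. It lists user-level overrides of URL handlers and the `Exec` line of any handler defined in ~/.local/share/applications/. The watched MIME types and the ~/.config/mimeapps.list location are assumptions taken from the XDG conventions, not from the thread.

```python
import configparser
from pathlib import Path

# Per-user locations that override system-wide handlers (XDG defaults, assumed).
MIMEAPPS = (".config/mimeapps.list", ".local/share/applications/mimeapps.list")
APPS_DIR = ".local/share/applications"
WATCHED = ("x-scheme-handler/http", "x-scheme-handler/https", "text/html")

def _read_ini(path):
    # .desktop and mimeapps.list are INI-like; keep key case, no interpolation.
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str
    try:
        cp.read(path, encoding="utf-8")
    except (configparser.Error, UnicodeDecodeError):
        return None  # unparsable file: treated as absent
    return cp

def audit_user_handlers(home):
    """Return (mime_type, desktop_id, exec_line, source_file) for every
    user-level override of a watched MIME type under `home`."""
    home = Path(home)
    findings = []
    for rel in MIMEAPPS:
        path = home / rel
        cp = _read_ini(path) if path.is_file() else None
        if cp is None:
            continue
        for section in ("Default Applications", "Added Associations"):
            if not cp.has_section(section):
                continue
            for mime, value in cp.items(section):
                if mime not in WATCHED:
                    continue
                for desktop_id in filter(None, value.split(";")):
                    findings.append((mime, desktop_id, _exec_of(home, desktop_id), rel))
    return findings

def _exec_of(home, desktop_id):
    # Only the user-writable copy is of interest; None means system-provided.
    path = home / APPS_DIR / desktop_id
    cp = _read_ini(path) if path.is_file() else None
    if cp is None or not cp.has_section("Desktop Entry"):
        return None
    return cp.get("Desktop Entry", "Exec", fallback=None)

if __name__ == "__main__":
    for mime, did, exec_line, src in audit_user_handlers(Path.home()):
        print(f"{src}: {mime} -> {did}: {exec_line or '(no user-level .desktop file)'}")
```

Comparing the output against a known-good baseline taken from a fresh VM shows whether a handler was added or changed inside the persistent home directory.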