On 06/28/2017 12:19 PM, [email protected] wrote:
Thanks, and point taken on not focusing on security implications.
I found a thread from last year where some third-party devs are concerned about
the implications of letting qvm-run -p run wild:
https://github.com/SietsevanderMolen/i3-qubes/issues/15
It's a good idea, but I think I'm looking for a more secure solution - if it's
out there.
IIUC, having dom0 parse the file list is whats worrying you? Otherwise,
passing data through dom0 (no parsing) should be considered secure.
You can have dom0 pipe between machines like so:
qvm-run -p sys-net "tar -cf - /etc/NetworkManager/system-connections" |
qvm-run -p sys-net-profiles "tar -xf -"
This entails a small amount of risk to the profiles VM (because tar file
is parsed there), but not to dom0.
--
Chris Laprise, [email protected]
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/53f323e2-6b45-7ce2-4077-f809db3a81cb%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
