As far as I remember, there was an idea to kill stubdoms after boot, which 
would both reduce risk (as stubdoms run in PV) and CPU+memory overhead. I 
cannot try it right now, because I haven't installed Q4.

> If I switch to disposable VMs, I assume the risk would be reduced.

You can sort of reduce some risk of having your AppVMs permanently pwned. As a 
result, this could prevent some kinds of gradual pwnage of dom0.

OTOH, if an attacker pwns one of your VMs and has a reliable way to escape from 
the VM to dom0, it does not matter if it is a DispVM or not.

> Can this be done for the sys-vms?

Not sure about 4, but I have done something similar for sys-usb in Q3.2. 
Strictly speaking, it is not a DVM, but it behaves similarly. The hack is 
simple in Q3.2:

1. Truncate VM's private.img to zero bytes.
2. Ensure that the VM template has created /home/user in root.img. (You can 
   do something like this:

       sudo mkdir /tmp/root &&
       sudo mount --bind / /tmp/root &&
       sudo mkdir /tmp/root/home/user &&
       sudo chown user:user /tmp/root/home/user &&
       sudo chmod 700 /tmp/root/home/user

   )

In Q4, you will probably be able to do something similar, but you probably 
can't truncate an LVM volume to zero bytes, so this will require some elaboration.

The VM sys-firewall could utilize the same hack unless you have some scripts 
there. VM sys-net probably cannot utilize this (at least not that 
straightforwardly) because of the network config you have there.

Regards,
Vít Šesták 'v6ak'
