On Tue, July 31, 2018 2:26 pm, Ole wrote: > I cannot seem to figure this out on my own: > > > If I have a USB-qube and use a USB keyboard and mouse, obviously the > USB-qube will have full control over my system. > > > But is this any worse than having all USB devices on dom0? (The general > tone in the documentation[1] makes it sound like it is, but I cannot find > a mention of a concrete problem that could arise.)
I think it's more about bad USB devices that drop a compromise into the system. If you're using dom0 to handle USB, getting it compromised is very bad vs. just bad if using sys-usb. The documentation is saying a PS/2 keyboard in dom0 is preferable to a USB one in sys-usb. > If I forward USB devices from the USB-qube to other qubes, does this open > up the USB-qube to attacks from those qubes? (This would be the only > reason I could think of why using a USB-qube with input devices would be > less secure. But I cannot find whether this is true or not.) I think some USB commands are filtered out on device forwards, so I expect they've considered the possibility but I'm not familiar with the exact mechanisms involved. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/dcbf5133d85ca932bc2c6b4042459736.squirrel%40tt3j2x4k5ycaa5zt.onion. For more options, visit https://groups.google.com/d/optout.
