On 9/12/18 6:53 PM, Daniel Allcock wrote:
> Dear All,
>
> Have been settling into my new qubes laptop and found that sys-net keeps my
> wifi password in plaintext in a file in a single directory
> (/rw/config/NM-system-connections) that survives reboot. Presumably as I
> add wifi networks such files will accumulate. This surprised me, since
> sys-net by design is untrusted and isolation is the whole point of qubes.
> If I understand right, when RandomMotelWifi corrupts my sys-net,
> the corruptors can then get onto almost any other wifi I've ever logged into.

Your reasoning is right, but defending the contents of sys-net is *not* in the main scope of the Qubes project. It's even "written on the tin", as in "the default color for sys-net is red", and in all the documentation it is described as a sacrificial Qube, to protect -by isolation- the other Qubes.

Still, the issue that you raise is true and sensible: isolated WiFi password management could be a nice addition of functionality for Qubes. Moving the debate to an upper level, it could be argued that if you are so paranoid about security you should not connect to insecure WiFi networks altogether... But that would not be answering your question ;)

> Is the idea that I should run different sys-net's to separate wifi's from each
> other, according to some scheme that I need to keep track of? Maybe, home
> on one, work on another and everything else on a third?

It can be done; please be aware that this would mean disconnecting and reconnecting the PCI device once you want to start a connection to another network, and this could easily become hard to manage. Furthermore, network connections are usually "architecturally orthogonal" to your Qubes (home, work, banking, etc.), in that you typically connect to the internet from all qubes at the same time, on any network that is available at the moment. You only typically isolate TOR traffic from the non-torified one.

I'll throw in another option: what about using the PCI WiFi adapter only for "safe" networks, and using a separate external USB one (with a separate sys-net-unsecure Qube) for any unsecure connection, that you periodically purge of any WiFi settings? This way you could usb-proxy the adapter to the unsecure sys-net - I don't even know if it can be done, I only use Qubes on desktop workstations, but it may be easier to manage with existing tools than inventing a full-blown NetworkManager secrets management system...

> Thank you for any thoughts and recommendations,
> Daniel

Thank you for your contribution; bye

--
Alex
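As an added example that is not part of the original thread: before purging a sys-net of WiFi settings, it helps to see which stored profiles actually hold a passphrase on disk. The function below lists them by file and SSID without printing the secret; it assumes NetworkManager's INI-style keyfile layout (a `[wifi-security]` or `[802-11-wireless-security]` section with `psk=` or `wep-key0=`), and the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report NetworkManager keyfiles that
# store a Wi-Fi secret in plaintext. The secret itself is never printed.

# Directory named in the thread; pass another directory as $1 to override.
NM_DIR_DEFAULT=/rw/config/NM-system-connections

# Print "file<TAB>ssid" for every keyfile whose Wi-Fi security section
# contains a non-empty psk= or wep-key0= value.
# Assumption: keyfiles use [wifi]/[wifi-security] or the older
# [802-11-wireless]/[802-11-wireless-security] section names.
list_plaintext_wifi_secrets() {
    dir=${1:-$NM_DIR_DEFAULT}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^\[/   { section = $0; next }   # remember the current [section]
            /^[#;]/ { next }                 # skip comment lines
            section ~ /^\[(wifi|802-11-wireless)\]/ && /^ssid=/ {
                ssid = substr($0, 6)         # text after "ssid="
            }
            # "psk-flags=" does not match: the key must be exactly psk
            # or wep-key0 and must carry a value.
            section ~ /^\[(wifi-security|802-11-wireless-security)\]/ &&
            /^(psk|wep-key0)=./ { found = 1 }
            END { if (found) printf "%s\t%s\n", file, ssid }
        ' "$f"
    done
}
```

Run `list_plaintext_wifi_secrets` as root inside the sys-net qube; an empty result means no profile in that directory keeps a passphrase on disk.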
