On Wed, May 06, 2020 at 12:02:55PM +0200, haaber wrote: > > https://labs.f-secure.com/advisories/saltstack-authorization-bypass
> Thanks for the source. How do you infer that this "doesn't apply" (and > maybe "did never apply") to qubes? Recall my question: where does salt the vulnerabilities are both in some networked-zeroMQ cloud-management component. which qubes is most certainly not using. > appear "under the hood" in qubes? This question seems relevant, since at > least I (almost) never invoke salt by hand. Is that not a reasonable > question? Explain. the most user-exposed part of qubes-salt is ... ... if you run qubesctl things to manage service vms. it all stays either within a vm or uses qrexec where needed. if you want to take a look, check /srv/ for the salt parts and /usr/lib/python*/*/qubessalt/ for the qubesctl parts. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20200506113506.GM987%40priv-mua.