On Fri, Jan 15, 2021 at 06:35:13PM -0600, Sven Semmler wrote: > On 1/15/21 6:10 PM, unman wrote: > > at the expense of security, since all AppVMs based on that template > > will have a large number of applications/libraries which may be ripe > > for exploit. > > Could you please elaborate? I am not sure I understand.
Many attacks rely on chaining exploits and loopholes in an assortment of applications and libraries. You see this very often in "capture the flag" contests, and in real world attacks. If you use a single template and load it with software (and therefore associated libraries) you have significantly broadened the attack surface: this is particularly so if you install "recommended and suggested" packages. By contrast, if you use a minimal template and install a single application, the attack surface is smaller. If you have a template loaded with file viewers, office applications and drawing software, it will undoubtedly be extremely useful. But the attack surface is large. If you use that template as the basis for your mail reader, for example, then there is scope for an attack using a crafted email attachment. But if you use a minimal template with a good mail reader like mutt, and open all the attachments in an offline disposable VM based on that extensive template, the risk to your mail reader, and by extension your Qubes system, is reduced. (Note, reduced but nor removed.) In my system, almost *all* my working qubes are based on adapted minimal templates, and most of them, including my mail qubes, are offline. This may be why I have an unholy number of templates. File storage qubes are exactly that - they store files. If I want to view, or edit, I do it in an offline qube: I *have* to do it in another qube, because the storage qubes don't have the capacity for anything except plain text editing (and imagemagick, and some python and....). Are there risks? Of course. > > > I'm not altogether clear on what you mean here. > > I understood > > 1) AppVM based on debian-10 and install gimp in AmpVM. The OP might or might > not be aware of binds/persistence. I didnt hear this in what OP wrote. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20210116013926.GA5617%40thirdeyesecurity.org.
