Re: [qubes-users] important question about whonix gw/ws

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-15 21:04, joshuamennunipacass...@gmail.com wrote:
> Someone could tell me why in the default qubes VM manager don't
> tourn on whomix ws and whonix gw? I mean only sys whonix is tourned
> on so could be a security tread? Should I tourn in those 2 whonix
> gw and whonix ws? Or I have to let them off? So sorry about my
> question I'm not expert. From what I read the gw and the ws are
> either essentials for the whonix environment.
> 
> Someone could tel pleas to me why both the gw and the ws they are
> tourned off by default? Touring on those two will the security been
> encreased? Or I have to left them off and use only the sys whonix?
>  Confusion
> 
> (Sorry about English)
> 

whonix-ws and whonix-gw are TemplateVMs. They don't need to be on
unless you're updating them or installing software in them:

https://www.qubes-os.org/doc/templates/
https://www.qubes-os.org/doc/whonix/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYyhSjAAoJENtN07w5UDAwZHMP/A0orptPobNc5ujm+zMVPP9x
c+g0QVis7355ABs6d3LF0a9NXcldccFdJ51iNFRvB9oTGzBrPQ4NBO/iOEvMnJHX
qeQ/U3ZcgeytjeAaZSkCY9oODVsgTt29RRbN2RDo8u9bdW419i5QBjfmw7FZKaei
Zq3jPqoRqbkxgL7x4TG2ATHGRbUtVDO5B5V3eXDjyjlNPrPaeAPO2kJ4fBieU82w
6hkiqNZq7kMok16FwJgejk/SSGSNDdBwAspoXjaxiiYkoVkEmDCUjAJc0cRKnAks
9xgUVOb6neKG/egat6gOL590pF1V6L1squ4u2FuzwXTnSnOGADFa+Y9g+1MVOo8C
0VFlMGZf1zT0dUcW22PTDeSFlYzZzRMHcbGkM2fYTmfvk714pZYwtTPyZX/JtSb7
pUxIFjDaUpmygJpGNPQPhuhsI7nau9Tl/0DBq8Q/pDE//Le55BP6IHmv2i0Kz+Xi
wGWdB6F2Rkdme1N1RfERW69LTx5LgARTdyVfOc/OX/SJ9fRIJK+LstH0bUSFPQz+
bZMxwgIxNLfiWc1fPCSzAEJ2eQoc7fj0O22qzWvPaZ9+tKAb2//PY4IzFc41lzVv
1bCY4XvwZrAvYmbctiaA/Xh37unAEYLtOult5Ts02BC2FY3VIgKIJO3y5FXz5+L3
czJVmMOVcrd31hpSa5Lk
=A+jC
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/f264c93c-db70-d125-2892-d324ea2412b6%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] important question about whonix gw/ws

[joshuamennunipacassoni]

Someone could tell me why in the default qubes VM manager don't tourn on whomix 
ws and whonix gw? 
I mean only sys whonix is tourned on so could be a security tread? Should I 
tourn in those 2 whonix gw and whonix ws? Or I have to let them off? 
So sorry about my question I'm not expert. From what I read the gw and the ws 
are either essentials for the whonix environment. 

Someone could tel pleas to me why both the gw and the ws they are tourned off 
by default? 
Touring on those two will the security been encreased? Or I have to left them 
off and use only the sys whonix? 
Confusion 

(Sorry about English)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/813a44da-abc3-44f7-bac3-d91a949e4f67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Curious: https for yum repos

[Unman]

On Wed, Mar 15, 2017 at 03:39:04PM -0700, Andrew David Wong wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> On 2017-03-15 01:15, haaber wrote:
> > Chris,
> > 
> >> Fedora *unfortunately* is the blacksheep here. It doesn't sign a
> >> repo file, therefore an attacker can hold back individual
> >> packages withing what appears to the user as a stream of normal
> >> update cycles.
> > 
> > I read this as "fedora is less safe" since exposed to described 
> > attacks. Actually I never used it in my prequbes life, and I would
> > still not if there were alternatives to fedora-minimal.
> > 
> 
> Not sure I would read it that way.
> 
> > So: Is there a debian-minimal available?
> 
> The existing Debian template is already pretty minimal, so no
> debian-minimal template has been created.
> 

There is a debian-minimal available for build, of course. And the build
is very straightforward. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170316013912.GD21254%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] changing private storage size don't work

[Unman]

On Tue, Mar 14, 2017 at 11:07:07PM +0100, evo wrote:
> 
> 
> Am 14.03.2017 um 22:52 schrieb Holger Levsen:
> > On Tue, Mar 14, 2017 at 10:50:05PM +0100, evo wrote:
> >> there stands 500GB now (it was a mistake with a zero :D) and i don't
> >> have more than 120GB. But the data on this VM is not more than 20GB.
> >> So will it make any problems, if i have 500GB in the "max size"?
> > 
> > create a new vm now, with 25gb private storage. copy those important 20gb
> > over to that new vm, delete the 500gb vm. 
> > 
> > :)
> > 
> > 
> 
> okok, it would be better :)

I don't know if it's too late to save you some effort, but in fact it
really doesn't matter - all you have done is reserved space for that
500GB - if you don't use it then the disk file will remain small. 

You can see this by looking at the files in dom0:
look in /var/lib/qubes/appvms
ls -lsSh will show you the true size of the files - you'll see that
there's a considerable difference, so you can safely leave your 500GB
file as is.(Unless you think that you might just keep writing to it
until you fill the 120GB without realising, in which case you should
protect yourself from foolishness by acting now.)

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170316013355.GC21254%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Cannot load graphical installer

[Truong, Khang]

I am trying to install Qubes, but cannot seem to get the graphical installer to 
launch; it always wants to fall back to the text installer. Unfortunately, 
there seems to be a bug with the text installer that prevents it from prompting 
for an encryption key, thereby breaking the entire installation.


Any help on this would be very much appreciated. I apologize in advance if this 
seems immediately obvious, for I am still new to this.


Sincerely,


Khang Truong

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CY1PR0101MB14972BC868F6D461545B9FC895260%40CY1PR0101MB1497.prod.exchangelabs.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] How to set dns in sys-net

[Unman]

On Wed, Mar 15, 2017 at 01:05:02PM -0400, eldor...@riseup.net wrote:
> I want to set dns in sys-net .
> After installing dnscrypt-proxy in sys-net template i have access to
> internet in sys-net
> via new dns address with these commands.
> "sudo dnscrypt-proxy --daemonize --syslog -R dnscrypt.eu-nl -a 127.0.0.2:53"
> "dig txt opendns.com"
> and dig command shows me i have access to new dns address(127.0.0.2:53).
> 
> but sys-firewall doesn't have access to internet.
> How can i fix this?

Do you really mean that sys-firewall and qubes below doesn't have
access to internet? Or do you mean that you have broken DNS resolution?
You could easily check this by accessing a site by IP address rather
than by name from sys-firewall.

Usually, the NAT table rules in sys-net route DNS traffic outbound to
the dns servers set on sys-net (e.g. those given out by DHCP.)
While dnscrypt-proxy is running, look at the iptables rules in the NAT
and filter chains and see what is happening.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170316010731.GB21254%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] feature idea: creat trusted office document

[Unman]

On Tue, Mar 14, 2017 at 10:39:34PM +0100, cubit wrote:
> What would be possibility of getting a file manager context menu item to 
> create trusted office document  like we have for PDF and img currently.
> 
> I think make the document its self safe is hard while keeping the file type 
> but maybe "convert to trusted pdf" would be usable solution?
> 

I tend to use tools like catdoc and docx2txt to extract text.
You could, I suppose convert to RTF format, although I dont know if that
is substantially more trusted.
If you want to try converting to trusted pdf, you could insert this in to
/usr/lib/qpdf-convert-server: you'll need to have libreofice installed
in the relevant template.

Below the lines:
# Get the original (untrusted) PDF file...
cat > $INPUT_FILE

INSERT:

if [[ $(mimetype $INPUT_FILE) ==  *msword ]]; then
loffice --headless --convert-to pdf --outdir /tmp $INPUT_FILE &>/dev/null
cd /tmp
INPUT_FILE="/tmp/$(basename $INPUT_FILE )".pdf
fi

Make this change in the template you use for disposableVMs.
use qvm-create-default-dvm to rebuild your DVMTemplate

Now you should be able to convert msword files to PDF just as you convert
PDFs.
All it's doing is converting doc to PDF via libreoffice and then
processing that PDF as normal - all in the disposableVM
Using the mimetype isn't good, and you'll need to extend that to other
forms for more recent formats, but it's a quick hack that works.(I
think)

It occurs to me that you could use the same trick for all sorts of
"trusted pdf" conversions.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20170316005304.GA21254%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Feature request: "HDD Airbag" analog

[.]

i see. well, at least helping info on how one can implement this. the 
idea is not only to have one device for multiple tasks. large SSDs are 
still not so affordable. regarding practical scenarios for things like 
2x2 TB HDDs: local Wikipedia dump. or/and huge Squid cache. imo, it is 
better to use local storage than online, even if TOR is used. local KBs 
like Wikipedia means almost 100% no one can trace what user researching 
and for how long, assuming HW and system has no backdoors to net 
ofrourse. low security settings of many TOR nodes turning TOR usage into 
a joke, not mention other known attacks. i recall news article about 3 
or more governments pursuing readers of wikileaks. imo its impossible 
for observer to determine which articles person is reading and when (on 
airgaped PC), by only having fact of person's monthly wikipedia dump 
downloads (few hundred of gigabytes in compressed state). by observer 
right now i mean nonhuman software observers, active 24/7/366, having 
access to ISP traffic and possibly to target KB server via backdoors. of 
course this is more like anonymity than security matter.



On 16/03/2017 03:39, Andrew David Wong wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-15 13:11, thinkpad user wrote:

Feature request: "HDD Airbag" analog

overview: https://support.lenovo.com/nl/en/solutions/ht003517 list
  of supported devices:
http://support.lenovo.com/nl/en/downloads/ds015000

is it possible to add this feature to Qubes? or atleast provide
some interface to poweroff/park HDD? yes, Qubes requires SSD for
good operation, but imo most users like to have SSD + large HDD for
media or other content. i believe qubes can be really friendly for
not so geeky user, by having such features or atleast providing
support so user could write such soft.


Realistically, the probability of Qubes implementing this is
approximately zero, IMHO. (Not Qubes-specific, not security-critical,
already not enough time/resources to pursue actual Qubes goals,
missing expertise, world moving away from HDDs, etc.) It should be
implemented somewhere upstream, if anywhere.

- -- 
Andrew David Wong (Axon)

Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYydC5AAoJENtN07w5UDAw+D4QAIUQouwKMye7CeIuUeW9VGpY
CGLCJuvVTBIdAYugZ/EuA6zojz0p0/xMmZEvLcTwrabf9Mbw5IrtotWcxVeZIjE/
n78nWfNp6Z4hrr3RdoUr4Go7svJ2WCkiPrzv2f6sC7LEwF3GEK1ZZIjAODOabFos
yc9BwsovthNCvf+6eTnljMPVq0Om6jiCLX+PmDvxm8z1rFxRCOnFFWqKTUpmIHW5
k/Z9z6u89zoJ1IyT9I/x0XIJH2EpZTMbKFcQf/1m59UCcTBdckcDhdaYKdBHDXFn
m2CW1knetBta3ubocd5rKn6DR6SwYFJWxa7ZPIwNs//7WT47qHZHu/2SsBukuI3F
qZxThA1GHVbVKDXLYR49VAtQVRzzDbK6jjgZvwRLHilaGh41r6klX8Af019hHfRk
eYEDK8ngkNosT+ZsgqhxDNOh+viEONOI0StCwKbUw+y7QRhzuadnD4V1dba4ece9
I360QOavzxR8c0ECnwP0ry2dI6TM+6+ru1UMsP0om37l86g/mxd3QBd/6XkIgbjI
2O7Gs8MMZOHkCjwIrZF0aukCrlSEIhOYMc627l941Gk36b8JSDGALgtpXgY5rk7i
lXrve4aZd/TCAcnoHR3pEME3/iVuvJ0F4rvM29v35kLueC2PhCiyejTRFJI5TVIa
BOVvACwZMHDCefLcivGt
=70kE
-END PGP SIGNATURE-



--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/650a89fe-353a-717a-6248-4952952cb50f%40gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Kicking the sudoers dead horse

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-14 19:04, 7v5w7go9ub0o wrote:
> On 03/14/2017 06:08 AM, Andrew David Wong wrote:
>> On 2017-03-12 15:09, 7v5w7go9ub0o wrote:
>>> On 03/12/2017 12:45 PM, Andrew David Wong wrote:
 On 2017-03-11 19:41, Unman wrote:
> On Sat, Mar 11, 2017 at 08:47:05PM -0500, Chris Laprise
> wrote:
>> On 03/11/2017 11:56 AM, Unman wrote:
>>> On Sat, Mar 11, 2017 at 04:43:41PM +, sm8ax1
>>> wrote:
 7v5w7go9ub0o:
> Yep! And ISTM this is an argument for using dispvms
> to handle mail (or any other WAN-exposed
> client/server): start a dispvm; copy mail client
> and mail "file" into it; do your mail; copy out and
> save the updated mail file (which is text); flush
> away the dispvm - all handled by a script(s).
 How do you figure that's less of a pain in the ass
 than typing a sudo password?
 
>>> You're missing the point - that procedure is trivial to
>>> set up in Qubes and addresses real security concerns.
>>> Just putting a password on root access, or requiring
>>> some dom0 interaction doesn't.
>>> 
>>> This is important - security IS a pain in the ass.
>>> Qubes can make it less so.
>>> 
>> Yes, sm8ax1 got you there. :)
>> 
>> DispVMs are nice to have when we think that certain 
>> operations carry threats. But its ridiculous to expect a 
>> typical user to do a majority of their tasks in them.
>> 
> No, it isn't ridiculous to expect a typical user to work
> in disposableVMs. I've set up a number of users with a
> range of experience, and they are very comfortable with
> this. If the implementation is kept hidden generally
> speaking everything goes fine. Some scripting to make
> things easier, and support is probably no greater than
> usual ,except for "that funny copy thing". I've said this
> before.
> 
> Set up right I don't think that Qubes is outrageously
> difficult to use, even with disposableVMs doing most of the
> heavy lifting. But that's a separate issue.
>>> 
>>> 
>>> Agree with all of this. Working in a DispVM (e.g. browser, or
>>> mail) is the same experience as working in a VM. Only
>>> difference is clicking a script to start it up; inform the
>>> script of the DispVM to work in; and telling the script to
>>> shutdown (copy updates) at the end - in my case by entering a
>>> 
>>> 
>>> 
 I'd be interested in hearing more about this (in a separate 
 thread, perhaps).
 
 In particular, no one has, to my knowledge, attempted to
 rebut the arguments I advanced against the "doing everything
 in DispVMs" approach here:
 
 https://groups.google.com/d/msg/qubes-users/nDrOM7dzLNE/Kr5W3BUkcG4J
>>>
 
RATS!  I missed that.
>>> 
>>> 
 Granted, that was almost two years ago, and some of the
 things I wrote there no longer apply. However, I still
 haven't seen a strong case made *in favor* of this approach
 to begin with. I would like to see one.
 
>>> This is the first I've seen your 4/1/15 note - sorry - wish we 
>>> could have discussed it then.
>> I also forwarded that message to you directly and invited you to
>> have an offline discussion about it (shortly after receiving no
>> reply from you on-list), but no worries.
> 
> Dang! Sorry again!!
> 

No big deal. :)

> 
>> 
>>> You have the basic idea except for the vital point of what
>>> happens at end of DispVM session (copying as few as possible
>>> user files back to a VM or Vault). I take your point 4 on
>>> space, and point 6 on RAM and CPU usage.
>>> 
>>> I disagree on critical point 5.
>>> 
>>> For example running a browser in a VM is indeed "more secure"
>>> than running it in a VM because only specific updated files
>>> (bookmarks - places.sqlite) are retained and copied back to the
>>> vault at end of session; no other user-land files (and surprise
>>> relics) are copied back; this is contrary to what is presumed
>>> in that write up. If if the bookmarks weren't changed, simply
>>> flush the DispVM away.
>>> 
>>> Doing mail in a DispVM is also "more secure" for the same
>>> reason - only specific updated files are retained at end of
>>> session - no other user-land files (and relics) are copied back
>>> to a VM. This is key, and why this is more secure.
>>> 
>> I think I understand the setup now. I agree that this is
>> technically more secure in the sense that your inter-session
>> persistent attack surface is reduced (fewer persistent files; a
>> greater number of files are "templatized"). However, it seems
>> like a very minor security gain for a huge cost in initial setup
>> and inconvenience (see below).
> 
> 
>> Do you agree that the security gain is relatively minor, or do
>> you have some reason to think that it is significant?
> 
> Aha!!
> 
> The key issue!!
> 
> 1. Is the security gain very minor? (and is its huge cost in
> 

Re: [qubes-users] Feature request: "HDD Airbag" analog

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-15 13:11, thinkpad user wrote:
> Feature request: "HDD Airbag" analog
> 
> overview: https://support.lenovo.com/nl/en/solutions/ht003517 list
>  of supported devices: 
> http://support.lenovo.com/nl/en/downloads/ds015000
> 
> is it possible to add this feature to Qubes? or atleast provide 
> some interface to poweroff/park HDD? yes, Qubes requires SSD for 
> good operation, but imo most users like to have SSD + large HDD for
> media or other content. i believe qubes can be really friendly for
> not so geeky user, by having such features or atleast providing
> support so user could write such soft.
> 

Realistically, the probability of Qubes implementing this is
approximately zero, IMHO. (Not Qubes-specific, not security-critical,
already not enough time/resources to pursue actual Qubes goals,
missing expertise, world moving away from HDDs, etc.) It should be
implemented somewhere upstream, if anywhere.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYydC5AAoJENtN07w5UDAw+D4QAIUQouwKMye7CeIuUeW9VGpY
CGLCJuvVTBIdAYugZ/EuA6zojz0p0/xMmZEvLcTwrabf9Mbw5IrtotWcxVeZIjE/
n78nWfNp6Z4hrr3RdoUr4Go7svJ2WCkiPrzv2f6sC7LEwF3GEK1ZZIjAODOabFos
yc9BwsovthNCvf+6eTnljMPVq0Om6jiCLX+PmDvxm8z1rFxRCOnFFWqKTUpmIHW5
k/Z9z6u89zoJ1IyT9I/x0XIJH2EpZTMbKFcQf/1m59UCcTBdckcDhdaYKdBHDXFn
m2CW1knetBta3ubocd5rKn6DR6SwYFJWxa7ZPIwNs//7WT47qHZHu/2SsBukuI3F
qZxThA1GHVbVKDXLYR49VAtQVRzzDbK6jjgZvwRLHilaGh41r6klX8Af019hHfRk
eYEDK8ngkNosT+ZsgqhxDNOh+viEONOI0StCwKbUw+y7QRhzuadnD4V1dba4ece9
I360QOavzxR8c0ECnwP0ry2dI6TM+6+ru1UMsP0om37l86g/mxd3QBd/6XkIgbjI
2O7Gs8MMZOHkCjwIrZF0aukCrlSEIhOYMc627l941Gk36b8JSDGALgtpXgY5rk7i
lXrve4aZd/TCAcnoHR3pEME3/iVuvJ0F4rvM29v35kLueC2PhCiyejTRFJI5TVIa
BOVvACwZMHDCefLcivGt
=70kE
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/4d7edb21-d575-3676-3918-08887e810c7f%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] feature idea: creat trusted office document

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-15 03:46, Jean-Philippe Ouellet wrote:
> On Tue, Mar 14, 2017 at 7:44 PM, cubit  wrote:
>> - open dom0 terminal - get dom0 to open a disp terminal in the
>> same dispVM as the disposable doc
> 
> Ouch. I'd forgotten how annoying that could be. I have a script
> [1] bound to a keyboard shortcut to open a terminal in the same VM
> as the front-most window. Perhaps you might find it useful?
> 
> [1]:
> https://gist.github.com/jpouellet/0f74459699433cabc26c389caf36b455
> 

Thanks, JP. It would be great to have this functionality integrated
into Qubes by default. Tracking:

https://github.com/QubesOS/qubes-issues/issues/2706

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYycbIAAoJENtN07w5UDAwavYP/Ry8asVBXRSxv5/p9ffVAmPi
XKn7X3WKykO8NriXJzA4Y6+5Im3GPOVI9k2V43Rv+IGa9VN3ZW0ppLcti8qinaEw
0XlHisnUIUor603m/pUFQElKnMxstbnefF3mDIU8ePT9WNChA+qbx4e6Bq19prcI
y3bqyDeFhkbhz+49dDHOs/41NYDnfaTDrawma+oUJlQgH/AclGn0CbjLN/FgzgxW
Z9R61FETX626YR4Ya0Rd5fbVduSd4Hwhewpuv2EMUpEmueVIqDSGTZZ29y83NBKE
rs8c6fmBdybxZSPsQihs2np8Semb7HmFD2tdBqdVediYA8eGEKyqLM/Z4W7NSKtU
fpe5wiZLrTa8sEPc8mAitRWA+zJjzhYiEazOZWMwrMxFp+9JdZT38PDYdggGBLaL
1/6Fkqt423qeZBCtD/DcbXsUoFdugy1uN0Ha8s1bnlTA0mLjpZZ+xuov4Tenl8ej
XozebjRsDbT5wjKw+6T2lenWO5y3HFc/+TkQM1+0ZrB8Ic6M0pERjLukQxOamgSG
zE5eq1HWIq6lGwBNjKIIT9gs7S7bZpaGlNCmtpsDJGJi8IeiHdpjVysStsX+gAmG
hueL1RnWRVr4U9QJtaRNjPlQ3Q98m5aL/FH2PdFgBzV5j9uPnw+Ur9u4iCRiEqDI
acEm81ltvd7C2NBOOjgY
=zXco
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1a8a1978-4b50-2c9d-ddca-488b0b3ab465%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] other SSD for VM, not possible?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-15 01:45, evo wrote:
> Hello!
> 
> rather simple question: as i understood, its not possible to
> install VM on other SSD as the Qubes, isn't it?
> 

Install? Not easily.

Move? Easily:

https://www.qubes-os.org/doc/secondary-storage/

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYycQVAAoJENtN07w5UDAwevQP/1KXil48hsWWwjjejfmF/IIM
gaUdJ7V3ao51bahJnwNMtRXP38/pY8LFdvk8wozrlvYnb9WX2B2VFGirrgVEc0ge
bygmX61EtKaFbBSWjs8uRimeZ5plNUVfS873eUHiGej1ZF80HjWEZEzzMq2DZbwy
QTUnphqA9yISaDxL9LfONy1bybuX23TnEws+aImYF6SScnPrt8kzgH1d2euZjZLb
A4EkeYHuojWSpZ81d4VWv3kHXb44EIdJxghXd6nMos139GQHMs4k/JKaE2oQcoF9
TMLzNCvkLYyzY4GG2tzI0sFFCkYIl1sxTqTSzNabQaKH3c4YY5t2ju0q+590sa8D
t58Jxws6/SwIIBZCx3ldRuH5Uwc6dGLRvVFhuJGLcrYZWNJXOJbnQozXFx71y7Oc
RdhddsthVu4jcUwTZ6G5HCYlHWQ0+eIZ/vftTfIFDSM/az6eYxpFC8cHcdgb0Vh+
UUOgaX0mKwzqDhWxUs1iZFD2tJBiv+4i5Kw5/599VIinVzlWOK30kMiwHy3o/cR7
7ABPrFPQV3llsNbnVGdDgfkPbF+z23aYjv/cm6w5BDmn3YifkrP5vC5hgb51V4Kt
3tUhzgYTMui6YFPHdDFmw4/dIDgHe21r6izFf4JtlqIPIbCWoCnPf3SjcLsphszV
e5SHZI89VW3d0ss2KC3J
=PWSR
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20a81432-8125-c774-6410-98aa3580a707%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: is it better to have just standaloneVMs?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-15 01:14, evo wrote:
> Am 15.03.2017 um 01:17 schrieb Unman:
>> On Tue, Mar 14, 2017 at 08:02:58PM -0400, Chris Laprise wrote:
>>> On 03/14/2017 01:55 PM, evo wrote:
 hmm.. this is also a good point, thanks! so if i do not use 
 openoffice in my bankingVM, there is no practical 
 vulnerability in it.
 
>>> 
>>> Yes and no. Off the top of my head, there are two things to be
>>>  concerned about with the (regular, distro) software you 
>>> install:
>>> 
>>> 1. Does it cause an additional service to start accepting 
>>> connections?
>>> 
>>> 2. Does it have a MIMEtype or similar mapping, so that clicking
>>> on a mislabeled file could cause it to open in an 
>>> unwanted/risky app. Unfortunately, nautilus doesn't seem to 
>>> have a setting for always asking before starting an app. But
>>> at least it defaults to double-click instead of single-click.
>>> 
>> 
>> 3. Installing some programs, like libre/openoffice, brings with 
>> it numerous libraries and attendant programs which may widen the
>>  attack surface of your qube considerably.
>> 
> 
> so its better to have such VMs as banking or email in 
> standalone-mode.

No, that doesn't follow. See my previous message about having multiple
TemplateVMs.

> The thing is... as i understood, stanalone-machines (if they are 
> not HVM) have all software from the template they use. So the only 
> way is, to install new iso on HVM, isn't it?
> 

This doesn't follow either. StandaloneVMs and HVMs are completely
independent of one another. It's possible that there is terminological
confusion here. Please consult the glossary:

https://www.qubes-os.org/doc/glossary/

> in that case, i don't really understand the sense of standalone 
> AppVMs.
> 

StandaloneVMs can be useful for many different things, but not every
user will have a need for them. For example, if you have a piece of
software that installs parts of itself in both the root fs and user dirs
(and you don't want to work around this with bind-dirs), and you need
the software in only one VM, then a StandaloneVM is probably a perfect
solution.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYycPeAAoJENtN07w5UDAwZD0P/3LtjWYp5sB0p/jKM/bOXYea
shPiimxeaRgaEF/e714aamWiWCWN9a8OgaWnHbMPd2cajTSHgEc2zY8E4gPJN62B
uvs1Y4958KxrNIdmT7p6ECivlwA7ZsaynzFICSM1d9QTviRCmkj7SY1+qPt6XjqO
OTQ7IRGh1WBssaxWS1Dc320MJth25n9+ipNhhL7XpJA9vgOEZm6lUgeIhit3DiJg
n1cjnKCoXhD8+i9bhVRcT9uurZdFdXJ3zNV13+m3l4nZKvgqXWOLkxE0/BtLQSks
NyNpB4onqKA7PoQZpBLnp5sRE0axnay5Ny1uST492gFUy77B0FYdEePPtjeBoMtZ
t+Y2Wav3ORW7/aXjAssHWQkZC8pgYO9inZ08PrGDa4p1ud93YoswjXj8MlM2OUOp
IWZFKW8eDdjWte7vJ3lMabPJJawteTxYUS4eMsxSmcFq7JKnQwIEau0GHXerAnQn
g3zwh9cyDyz6B0j51oyq8qMb1u+f6+d91hdAjpS9edjX1FAx6GGNXtaPXNxTVYDg
RZQdbd5vlbq9OXLs/duEb3Dlgm7DSNmHl6Gig0Y+aBfujoq6+xY+g5CkwkPHJ8zK
P+G+t82TFKKPN0QSS0J8dHLM0Z7ln4YX+gmPZTzJszEU/CX8slL311P2KlCcJ2sB
fGGn+tSmARuHCbd+Lx7Y
=meYj
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/294ad2fd-4890-18cf-277d-250d7c1c64df%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] USG - AFirewall For USB's

[Robert Fisk]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/15/2017 05:22 PM, Syd Brisby wrote:
> If you remove the wireless module from a laptop, then connect a USB
> wifi adapter (or bluetooth adapter) to a USG and plug the two into
> the laptop, could a (future?) USG act as a hardware firewall for
> the wifi device (or bluetooth device)? For example, Deter MAC
> address scanning? Deter portscanning and rogue packets being sent
> to ports? Deter man-in-the-middle hotspot attacks? Or deter
> bluetooth hacking attempts? etcetera.
> 

Theoretically yes, a USB firewall could perform this function. However
it would involve porting large parts of the linux network stack to run
on an embedded microprocessor with 256kB flash and 64kB RAM. Difficult
and painful if possible at all. Certainly not a task for one developer
in their spare time!

-BEGIN PGP SIGNATURE-
Version: GnuPG v2

iQIcBAEBCgAGBQJYycOvAAoJEN65WsAVra66v+EP/1scyx4Fk1s+7R8zIA8wME2c
C7hNYmoDv9s2ILcYhsY7wBCbg5AC0kx1dDPZkMnn54n2DQ6Pei3E5ANXIZZB0efY
A3CXT8VLdJ0HnmQ85LCyjSIGcY0zP+TbhSeNBptCxMAh5C6Dlte31Rf7gEDRj79z
miG7g/p4iNUK3iFLCYxe5HhX0xd0QCm8hWzYf5PBpUWQL0pPQnuKIkesIvgttaSM
xlSycSOySstul56WA9Nt+d66hfqhlLgsdpnVaO6nTwcYxZHEqIOMfoT5VDTQqbib
pmJPjoulgO6cXY/P2EWLRnToKlzc8j3TBgBvSr2NRQ+W5pmIJc7vNGKLqc2fO1WS
Ba1hle7fXLVRu7sAKdZPwZB8s0jxsN8v1iWPnjEex/DF7ZWtgbpt2uU//wm4H9vO
Dd3bqvjwcb7dnWzDQ0rnqVa2XBJfWipOQOPPO2UaiKo03a2rQz3UX9sAaN4ukxSs
FZmewFPk8NbJ/Ynp0kJdcO3Al5UtsbgGg//nuQeNBmNqMnvJfd4WgpuwstOkx95m
h0on7lZIHRQw3BiG83thMCi+9JlcVMI6OnheQJYwtAEVpcNtI0LanpVI9mbkGR2Y
5GngttD19fe4aoNjkNuPko28H3vfQFgK255oKMPnhtD2ES0iROLh+M2FeeAh3G2/
YRbZl7Fc8Si4PDHveKD2
=ZwtO
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5fe82838-011a-54e4-7cae-1c9fbac0fe22%40fastmail.fm.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Curious: https for yum repos

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2017-03-15 01:15, haaber wrote:
> Chris,
> 
>> Fedora *unfortunately* is the blacksheep here. It doesn't sign a
>> repo file, therefore an attacker can hold back individual
>> packages withing what appears to the user as a stream of normal
>> update cycles.
> 
> I read this as "fedora is less safe" since exposed to described 
> attacks. Actually I never used it in my prequbes life, and I would
> still not if there were alternatives to fedora-minimal.
> 

Not sure I would read it that way.

> So: Is there a debian-minimal available?

The existing Debian template is already pretty minimal, so no
debian-minimal template has been created.

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYycKKAAoJENtN07w5UDAw5pEP/3cwkt8mT4UJudAfWd/8FFPq
Kn6YIazddd1QdKaRNjpKb1/sVk+xLyC3UpMb0e7mjpDhhV4YHe3q24OO7dyau1T9
tyxObCKX7JTKneRjzM0gsyYZm7PBiNRPUl6QfCm6KPsP/GPnFygDAvAJXc2V5ZEh
+U4m5OxqnZnR7q7sq5VH91BIWCtyZ0mNV31Sx/gbRJtXhjMgst64kKge/dtceIzK
c/8dcxPj11sRH3q6L4JO6/BqOz4dBSdie7oHdnGNt8RHu/+y9Cl9elMwfUuBSxSJ
H/yQ29Ts2N1cLfwQYT03V+bGOQgP//moAWW6fwxzPpA53zfVDtQt2YwB1DKFlQoK
JYciBg6LgY1uA9bUD7+SLEDaBtb2GP2MWblWLDPY6GAuppCOMZQu7oiOSWH5QxQp
ZQ4rTuol2O2ERJu81Z9mpnQshzhIuvSwV5f9HR0AozNnU0ZCCjydqRVEbWmFUPpV
8ftB+dNjDvWdwA3VGv7Nw8bxcx81urjdM1Rj7H3Ta5UQTAzUgMFxNFnA1O98qNoc
T/MFlOR7S/PnJ4gzR/VWR1BG4KOtiCQxaUUO5rcuDrPbXVFI6NJ5zuuWusXH74Om
SXXXdofb/qR43D6UD5e3hi1AhD7KacbqUliW/YVaWOVuzvAKYybi5G+GeUHHQzUV
IUTSVy5q/HFthMiDyWYC
=R9PN
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d27e2594-30eb-3d51-5f1a-ce114e617a58%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: epoxy on ram to prevent cold boot attacks?

[thinkpad user]

On Wednesday, August 31, 2016 at 8:25:33 PM UTC+4, pixel fairy wrote:
> poured some epoxy over where the ram connects to the motherboard

modern RAM keeps data after hours after disconnecting in from MB. (wont search 
that paper now, plz search on your own). there are also physical traces of RAM 
state on RAM device. thats why some folks are moving keys in RAM(xoring it 
actually) every 10 seconds or so, in their opensource encryption software. 
there is papper on in too, with photo of such physical micro traces. paper also 
explains why RAM manufacturers are trying to keep volts as low as possible.

imo encrypted RAM is more safe. but where to store keys? CPU cache, VRAM? or 
separate PCI device? unsure about speed of PCI vs RAM though. but safe storing 
keys in HW of major, massive vendors is a wrong idea because of obligatory 
unofficial backdooring. maybe it is possible to only encrypt part of RAM with 
PCI located key(original PCI storage device). example: main system is in RAM, 
VM's RAM is encrypted (using driver) and the key is on PCI storage device.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/512950a4-6d96-4698-833d-ccf20ba33f9d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Updating Fedora-23 template to Fedora-25

[kasimir . wachlow]

I managed to update to Fedora 25 by upgrading from Fedora 23 to Fedora 24 and 
then from Fedora 24 to Fedora 25 like described in the Documentation.

I changed the AppVM templates. Is it wise to change the sysVM templated to 
Fedora 25 as well?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ea24e1dd-4d94-4847-9733-2845b628b10a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: USG - AFirewall For USB's

[thinkpad user]

as far as i understand general method(control everything in data stream), 
adding support for new type of device is difficult, IF such HW firewall is 
connected to HW USB. i recall some device which transfers USB data over LAN, so 
user can connect any USB HW over LAN. by this way it is possible to have 
special VM with fresh state for every USB dev connection. after device is used, 
every possible not wanted effects are gone with the reset of VM. such VM could 
start automatically upon each USB plugin event. there is no real reason also to 
store such mini temp VM in SSD. it can be located in RAM.

i believe Gbit LAN has potential. right now am considering some perverted 
"immortal SSD" idea based on following:
SODIMM CHEAP (used) RAM modules (1,2,4 GB) in few motherboards. RAM disc is 
created in such motherboard upon boot and then shared over Gbit LAN. i believe 
it is possible to make very compact version for notebook(thats what am planning 
to do after i figure out how to connect about 16 RAMs. without having lots of 
notebook motherboards). motherboards are backed up by battery.
how to use: before actual task, the contents of SSD copied to LAN disk. before 
shutdown, HW SSD (or even HDD actually) gets only updated data from this shared 
over LAN RAM disk. on RAM disk user can have VMs. WHY? there are plenty of 
cheap 1 2 4 GB used RAM modules. as far as i can remember RAM module have long 
lifespan. so user actually gets cheap SSD which capacity only gets bigger over 
time. i believe there can be one trusted HW machine and lots of untrusted HW 
devices shared over LAN or SPI. LAN or SPI opensource HW.
LAN speed is just fine unless you want USB display or Kinect.
again: main idea is to transport original HW USB data stream to the emulated 
(Virtual) USB connected to VM, _without firewalling it at all_. using LAN or 
other means.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/fb160e8a-c1e5-413b-88f3-b097a2f2d5b1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Keyboard layouts with multiple keyboards

[Vít Šesták]

Well, maybe my problem is a bit different: It seems to switch to default 
variant of the selected layout, while I am using non-default one. Subsequent 
problems are probably caused by the keyboard “split-brain”. The problem with 
layout variant suggests the reason why I was not able to find any details on 
it: I assume the problem affects quite less users than forced switching to US 
layout.

I could try setting Czech language in dom0, but it would hardly set the desired 
keyboard. If there was any influence, I expect it would set the default cz 
layout, which is even more different from what I use.

I haven't try dpkg-reconfigure, because the problem starts in dom0, not in 
AppVM.

I have looked at the files /etc/vconsole.conf and 
/etc/X11/xorg.conf.d/00-keyboard.conf and they both refer to US layout. Maybe 
vconsole.conf is not worth of modifying (I don't have the layout for console…), 
but I can try changing 00-keyboard.conf.

Regards,
Vít Šesták 'v6ak'

P.S.: Why I got confused: I use CShack layout (see http://xakru.com/cshack/), 
which is derived from US layout, but adds support for diactiric characters 
(Czech, Slovak, German, Spain) and various typographic characters (like 
'≠–—«»±„“”…'). The default variant is hard to distingiush from us layout on a 
keyboard that does not have CapsLock, which works as a modifier key on this 
layout. I use a non-default variant (extracs_ralt) that adds RAlt (AltGr) as 
another modifier (equivalent to CapsLock modifier key) and modifies number row 
to be more close to standard Czech layout.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/3a172168-a145-4558-9846-686c68630b4b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Feature request: "HDD Airbag" analog

[thinkpad user]

Feature request: "HDD Airbag" analog

overview:
https://support.lenovo.com/nl/en/solutions/ht003517
list of supported devices:
http://support.lenovo.com/nl/en/downloads/ds015000

is it possible to add this feature to Qubes? or atleast provide some interface 
to poweroff/park HDD? yes, Qubes requires SSD for good operation, but imo most 
users like to have SSD + large HDD for media or other content. i believe qubes 
can be really friendly for not so geeky user, by having such features or 
atleast providing support so user could write such soft.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/16be7dee-54e1-404a-9e42-581fba972bb8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Kicking the sudoers dead horse

[Nick Darren]

On 03/15/2017 02:24 AM, Chris Laprise wrote:
> On 03/14/2017 07:18 PM, Chris Laprise wrote:
>>
>> # Protect sh and bash init files
>> chfiles="/home/user/.bashrc /home/user/.bash_profile /home/user \
>> /.bash_login /home/user/.bash_logout /home/user/.profile"
>> touch $chfiles
>> chown -f root:root $chfiles
>> chattr +i $chfiles
>
>
> The line break on that didn't work out (delete space before
> backslash). Here it is fixed:
>
> https://github.com/tasket/Qubes-VM-hardening/blob/master/rc.local
>
> Also changed to avoid abort of script.
>
Hi Chris,


How did you handle error message like below when you deny the request of
su/sudo using vm-sudo :

[user@fedora-24 pam.d]$ su
/usr/lib/qubes/qrexec-client-vm failed: exit code 1
su: System error

[user@fedora-24 pam.d]$ sudo dnf update
/usr/lib/qubes/qrexec-client-vm failed: exit code 1
sudo: PAM authentication error: System error


Is there any method to put something like 'permission denied' message
instead of the message above?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2f24304b-1584-66aa-7e77-8394d42824f4%40gmail.com.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Kicking the sudoers dead horse

[cooloutac]

On Wednesday, March 15, 2017 at 3:15:15 PM UTC-4, cooloutac wrote:
> On Tuesday, March 14, 2017 at 7:22:04 PM UTC-4, Chris Laprise wrote:
> > On 03/14/2017 12:57 PM, cooloutac wrote:
> > 
> > > yes I agree having to click yes in a dom0 popup will not be cumbersome 
> > > for most. But is it that easy for the devs to implement?
> > 
> > Its already there, for a long time now. The vm-sudo doc describes how to 
> > enable it.
> > 
> > -- 
> > 
> > Chris Laprise, tas...@openmailbox.org
> > https://twitter.com/ttaskett
> 
> thanks!

 I think this thread is now sudo vs doing everything in dispvms? lol well 
regarding sudo you guys heard about the malware fsybis last year?  installs on 
linux system without root by clicking bad link.  persists, keylogs, phones 
home, spreads. root not required.  and I mean what data you got in root 
directories thats more private then user data?  

I guess the argument is that you are protecting dom0 by using sudo in an appvm? 
Sorry if I;m stating the obvious.

But doing everything in a dispvm?  Sure, if someone else sets it up and 
maintains it for me lol. I'm not gonna bother with the scripts, I use Qubes so 
I don;t have to read emails in text only mode and implement crazy security 
measures like selinux or apparmor with grsec, which also have never helped me 
much before. I gave all that stuff up.

All it takes is one bad click and something I say yes to.  It happens to 
everyone eventually.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/df29a1f1-8f8e-497a-8389-95e8d6ab3e9f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Kicking the sudoers dead horse

[cooloutac]

On Tuesday, March 14, 2017 at 7:22:04 PM UTC-4, Chris Laprise wrote:
> On 03/14/2017 12:57 PM, cooloutac wrote:
> 
> > yes I agree having to click yes in a dom0 popup will not be cumbersome for 
> > most. But is it that easy for the devs to implement?
> 
> Its already there, for a long time now. The vm-sudo doc describes how to 
> enable it.
> 
> -- 
> 
> Chris Laprise, tas...@openmailbox.org
> https://twitter.com/ttaskett

thanks!

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/058a93d3-cbab-47d1-9b82-5c9e00297c6e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Razer Looking for Our Input about Linux on Razer Edge

[taii...@gmx.com]

On 03/15/2017 01:14 PM, Grzesiek Chodzicki wrote:

W dniu środa, 15 marca 2017 17:44:41 UTC+1 użytkownik tai...@gmx.com napisał:

On 03/15/2017 12:23 PM, Grzesiek Chodzicki wrote:


W dniu wtorek, 14 marca 2017 23:24:37 UTC+1 użytkownik john.m...@gmail.com 
napisał:

This is your chance to tell Razor that we don't want binary blobs or "Intel ME" and that 
they can sell a lot more if they become "Qubes-certified".

https://insider.razerzone.com/index.php?threads/welcome-to-the-linux-corner.20618/

Holler loud and cross your fingers.

John E. Mayorga

Just posted on this thread. Would be nice if they actually went through the 
Qubes certification process, their laptops are very nice.


This is impossible without cooperation from intel, any intel system from
nehalem (first core system) on will NOT work without the ME binary
blobs, the (black box) supervisor processor will simply auto-restart
after 30 minutes.

If google can't get intel to release the code and a flashing mechanism
for ME then nobody can.
https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/
ME, PSP, FSP, etc containing firmware is not "open source" as binary
blobs perform the entire boot process with coreboot simply a wrapper layer.

For brand new computers the only real choices are POWER and (some) ARM.
All current IBM POWER systems are entirely owner controlled with no
hardware signing key enforcement and you can buy one starting at around
3K (comparable to an intel server system of equivalent cost).

if you want an x86-64 laptop the only choice is a 2013 FM2 processor (no
AMD PSP unlike FM2+) which is new enough to be useful (see coreboot on
the lenovo G505S)
For x86-64 desktops there is the KGPE-D16 and KCMA-D8 coreboot
motherboards which will work without blobs, which are both new enough to
be useful but not brand new.

I just checked the Minifree website. Although the premise is really nice 
(firmware-free dual CPU workstation, server or laptop) the 6-month lead time, 
the price overhead and mediocre specs are a big turnoff. And, just like Purism 
did earlier, the price overhead makes it seem like privacy is a privilege of 
the rich.
Minifree's workstation configuration that comes the closest to my PC costs over 
twice as much with much slower CPU, slower RAM and slower SSD.
Don't buy from minifree, they're overpriced just assemble it yourself 
and get used cpu/ram.


The KGPE-D16 itself is around $400, or you could get a KCMA-D8 for $200 
with one or two 4386 CPUs ($50) if you don't need uber performance.
I'd get a 6284SE if you are on a budget you can get em for around $100 
otherwise the best CPU is a 6386SE for around $300.

https://www.coreboot.org/Board:asus/kgpe-d16

4386 is equivalent to a FX-8370E
6386SE is equivalent to two FX-8370E

You would be able to max out new games, combined with a quality GPU (I 
recommend AMD so you can do easy IOMMU pass-through for graphics)


As I said purism is an overpriced quanta laptop, their laptops are not 
at all libre even the ones that claim to have "coreboot" don't have any 
open source hw init it is all done by binary blobs.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0e20e569-ef9a-5e35-2f89-1c8ce002cba3%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Updating Fedora-23 template to Fedora-25

[kasimir . wachlow]

Dear people and machines,

I just setup a clean Qubes 3.2 installation and tried updateing the Fedora-23 
template to Fedora 25. 
I followed the instructions from the Qubes Docs site: 
https://www.qubes-os.org/doc/template/fedora/upgrade-23-to-24/ and substituted 
24 for 25. After doing that the new Fedora-25 template still identified as 
Fedora 23 Workstation Edition when 'cat /etc/os-release' was entered. 
I decided to try again and cloned the Fedora-23 template and just made a 
regular dist-upgrade like described here: 
https://fedoraproject.org/wiki/DNF_system_upgrade. The result was the same, the 
new template was again Fedora 23 (Workstation Edition).

I'd like to know if this is some kind of artifact and it is Fedora 25 although 
it says its not. If that isnt the case, how do I get Fedora 25?

Thanks in advance,
Kasi

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a3dc9dcd-4636-4000-80c4-f1cad0d32204%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Razer Looking for Our Input about Linux on Razer Edge

[Grzesiek Chodzicki]

W dniu środa, 15 marca 2017 17:44:41 UTC+1 użytkownik tai...@gmx.com napisał:
> On 03/15/2017 12:23 PM, Grzesiek Chodzicki wrote:
> 
> > W dniu wtorek, 14 marca 2017 23:24:37 UTC+1 użytkownik john.m...@gmail.com 
> > napisał:
> >> This is your chance to tell Razor that we don't want binary blobs or 
> >> "Intel ME" and that they can sell a lot more if they become 
> >> "Qubes-certified".
> >>
> >> https://insider.razerzone.com/index.php?threads/welcome-to-the-linux-corner.20618/
> >>
> >> Holler loud and cross your fingers.
> >>
> >> John E. Mayorga
> > Just posted on this thread. Would be nice if they actually went through the 
> > Qubes certification process, their laptops are very nice.
> >
> This is impossible without cooperation from intel, any intel system from 
> nehalem (first core system) on will NOT work without the ME binary 
> blobs, the (black box) supervisor processor will simply auto-restart 
> after 30 minutes.
> 
> If google can't get intel to release the code and a flashing mechanism 
> for ME then nobody can.
> https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/
> ME, PSP, FSP, etc containing firmware is not "open source" as binary 
> blobs perform the entire boot process with coreboot simply a wrapper layer.
> 
> For brand new computers the only real choices are POWER and (some) ARM.
> All current IBM POWER systems are entirely owner controlled with no 
> hardware signing key enforcement and you can buy one starting at around 
> 3K (comparable to an intel server system of equivalent cost).
> 
> if you want an x86-64 laptop the only choice is a 2013 FM2 processor (no 
> AMD PSP unlike FM2+) which is new enough to be useful (see coreboot on 
> the lenovo G505S)
> For x86-64 desktops there is the KGPE-D16 and KCMA-D8 coreboot 
> motherboards which will work without blobs, which are both new enough to 
> be useful but not brand new.

I just checked the Minifree website. Although the premise is really nice 
(firmware-free dual CPU workstation, server or laptop) the 6-month lead time, 
the price overhead and mediocre specs are a big turnoff. And, just like Purism 
did earlier, the price overhead makes it seem like privacy is a privilege of 
the rich.
Minifree's workstation configuration that comes the closest to my PC costs over 
twice as much with much slower CPU, slower RAM and slower SSD.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0157a6c1-f70c-44f6-9e2c-3db7db6766ca%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] How to set dns in sys-net

[eldorado]

I want to set dns in sys-net .
After installing dnscrypt-proxy in sys-net template i have access to 
internet in sys-net

via new dns address with these commands.
"sudo dnscrypt-proxy --daemonize --syslog -R dnscrypt.eu-nl -a 
127.0.0.2:53"

"dig txt opendns.com"
and dig command shows me i have access to new dns address(127.0.0.2:53).

but sys-firewall doesn't have access to internet.
How can i fix this?

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/77470722b5a02dbec813de337de74559%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Razer Looking for Our Input about Linux on Razer Edge

[taii...@gmx.com]

On 03/15/2017 12:23 PM, Grzesiek Chodzicki wrote:


W dniu wtorek, 14 marca 2017 23:24:37 UTC+1 użytkownik john.m...@gmail.com 
napisał:

This is your chance to tell Razor that we don't want binary blobs or "Intel ME" and that 
they can sell a lot more if they become "Qubes-certified".

https://insider.razerzone.com/index.php?threads/welcome-to-the-linux-corner.20618/

Holler loud and cross your fingers.

John E. Mayorga

Just posted on this thread. Would be nice if they actually went through the 
Qubes certification process, their laptops are very nice.

This is impossible without cooperation from intel, any intel system from 
nehalem (first core system) on will NOT work without the ME binary 
blobs, the (black box) supervisor processor will simply auto-restart 
after 30 minutes.


If google can't get intel to release the code and a flashing mechanism 
for ME then nobody can.

https://web.archive.org/web/20161010040458/https://blogs.coreboot.org/blog/2015/02/23/the-truth-about-purism-why-librem-is-not-the-same-as-libre/
ME, PSP, FSP, etc containing firmware is not "open source" as binary 
blobs perform the entire boot process with coreboot simply a wrapper layer.


For brand new computers the only real choices are POWER and (some) ARM.
All current IBM POWER systems are entirely owner controlled with no 
hardware signing key enforcement and you can buy one starting at around 
3K (comparable to an intel server system of equivalent cost).


if you want an x86-64 laptop the only choice is a 2013 FM2 processor (no 
AMD PSP unlike FM2+) which is new enough to be useful (see coreboot on 
the lenovo G505S)
For x86-64 desktops there is the KGPE-D16 and KCMA-D8 coreboot 
motherboards which will work without blobs, which are both new enough to 
be useful but not brand new.


--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0a74447f-2cae-b217-4da7-405f43b7222e%40gmx.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] Re: Razer Looking for Our Input about Linux on Razer Edge

[Grzesiek Chodzicki]

W dniu wtorek, 14 marca 2017 23:24:37 UTC+1 użytkownik john.m...@gmail.com 
napisał:
> This is your chance to tell Razor that we don't want binary blobs or "Intel 
> ME" and that they can sell a lot more if they become "Qubes-certified".
> 
> https://insider.razerzone.com/index.php?threads/welcome-to-the-linux-corner.20618/
> 
> Holler loud and cross your fingers.
> 
> John E. Mayorga

Just posted on this thread. Would be nice if they actually went through the 
Qubes certification process, their laptops are very nice.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/c9fdcae7-e50c-4cb1-9ea1-9c1dc55745e9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] HCL - ASUSTek Computer INC. Q550LF

[Dave]

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/94411768.77363907.1489594451408.JavaMail.zimbra%40comcast.net.
For more options, visit https://groups.google.com/d/optout.


Qubes-HCL-ASUSTeK_COMPUTER_INC_-Q550LF-20170315-121145.cpio.gz
Description: application/cpio-compressed
---
layout:
  'hcl'
type:
  'notebook'
hvm:
  'yes'
iommu:
  'no'
slat:
  'yes'
tpm:
  'unknown'
brand: |
  ASUSTeK COMPUTER INC.
model: |
  Q550LF
bios: |
  Q550LF.211
cpu: |
  Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz
cpu-short: |
  FIXME
chipset: |
  Intel Corporation Haswell-ULT DRAM Controller [8086:0a04] (rev 09)
chipset-short: |
  FIXME
gpu: |
  Intel Corporation Haswell-ULT Integrated Graphics Controller [8086:0a16] (rev 09) (prog-if 00 [VGA controller])
gpu-short: |
  FIXME
network: |
  Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 0c)
  Intel Corporation Wireless 7260 (rev 6b)
memory: |
  8075
scsi: |
  ST1000LM024 HN-M Rev: 0002
  DVDRAM GU71N Rev: AS00
  USB 3.0 FD   Rev: PMAP

versions:

- works:
'FIXME:yes|no|partial'
  qubes: |
R3.2
  xen: |
4.6.4
  kernel: |
4.4.38-11
  remark: |
FIXME
  credit: |
FIXAUTHOR
  link: |
FIXLINK

---

Re: [qubes-users] Kicking the sudoers dead horse

[sm8ax1]

Chris Laprise:
> On 03/14/2017 11:30 PM, sm8ax1 wrote:
> 
>> Second, you mention that ~/.bin/sudo could be overwritten with the
>> attacker's binary or a script. I'm not sure I understand what you mean
>> exactly... the real sudo works by virtue of being owned by root with
>> suid. An attacker running as user cannot create a file owned by root, so
>> neither the real sudo nor a fake one could elevate privileges. If you
>> mean that `sudo` could be aliased to something else, I'm not sure what
>> that would accomplish; the underlying command would still run as the
>> invoking user. I'm just not quite getting what you're saying.
> 
> By changing the order of $PATH paths or adding an alias in .bashrc a
> regular user process can impersonate the sudo and su (and other)
> commands so their version will run and ask for authorization whenever
> you do 'sudo somecommand' instead of '/usr/bin/sudo somecommand' (the
> latter would not be vulnerable). It will look normal and 'somecommand'
> will run, but attacker can piggyback his own commands to execute as root
> also.
> 
> (This is an old issue, resembling the way attacks could be carried out
> in Xwindows like clipboard sniffing, etc. and was ignored.)
> 
> Without ability to write shell init scripts, attacker can only change
> aliases or $PATH (or $LD_PRELOAD) for his own processes, but not for the
> shells or apps you started yourself.

Thanks for clarifying that. Piggybacking his own commands in addition to
the argument to `sudo` is the key part I wasn't getting. The fix to that
I think would be showing the command (binary path + args) in the Dom0
dialog.

e.g.
"my-vm" is attempting to run "/usr/bin/bash -c '/home/user/.malware.sh ;
realcommand'" as root. Allow?
[x] Always do this for requests from this VM in the future.
[Yes] [No] [View environment variables]

It might already have some of these features for all I know. I haven't
tried it yet.

Untrusted environment variables, if allowed by sudo (they are disallowed
by default), present another problem. This could probably be solved by
showing the untrusted/modified ones in the dialog as well.

>>
>> Setting the shell startup files to immutable is a good idea I hadn't
>> thought of. Actually I think setting them to root:root mode 755 would be
>> sufficient, wouldn't it? That would make it one step easier to modify
>> them as needed.
> 
> Not sufficient because 'user' still owns that dir, so it can delete
> those files even if they're root. Then attacker can write their own
> version. Solution needs +i to prevent replacement in a user-owned dir.
> 
> Going the other way--using only +i and not root ownership--should work
> but I was trying to be thorough. In practice user will probably modify
> script as root after using 'sudo chattr' so convenience-wise it doesn't
> matter.
> 

I don't know why I didn't catch that. I guess I have to go back to Unix
101.

Immutable it is. Just a note for the record, this is an added
anti-persistence feature, but it isn't required for vm-sudo to work as
described.

-

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the 
NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/7a291de8-3591-4983-f27e-55b2be131ca2%40vfemail.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] feature idea: creat trusted office document

[Jean-Philippe Ouellet]

On Tue, Mar 14, 2017 at 7:44 PM, cubit  wrote:
> - open dom0 terminal
> - get dom0 to open a disp terminal in the same dispVM as the disposable doc

Ouch. I'd forgotten how annoying that could be. I have a script [1]
bound to a keyboard shortcut to open a terminal in the same VM as the
front-most window. Perhaps you might find it useful?

[1]: https://gist.github.com/jpouellet/0f74459699433cabc26c389caf36b455

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CABQWM_CSbH2BdG2wq6wGgEn9wegHV4BmDcLe_cYmjr0LXjrMXw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] other SSD for VM, not possible?

[evo]

Hello!

rather simple question:
as i understood, its not possible to install VM on other SSD as the
Qubes, isn't it?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/af21b4fe-7b8e-4e5a-e137-6efe7bc221eb%40aliaks.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Curious: https for yum repos

[haaber]

Chris,

> Fedora *unfortunately* is the blacksheep here. It doesn't sign a repo
> file, therefore an attacker can hold back individual packages withing
> what appears to the user as a stream of normal update cycles.

I read this as "fedora is less safe" since exposed to described
attacks. Actually I never used it in my prequbes life, and I would still
not if there were alternatives to fedora-minimal.

So: Is there a debian-minimal available? For normal and even advanced
users it is almost impossible slim down a std debian via uninstalling
unused packages without destroying the system : which of the (in large
parts cryptic) package names are vital?

Bernhard

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/82474c54-4afe-cff1-ea8b-b569b56b4748%40web.de.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: is it better to have just standaloneVMs?

[evo]

Am 15.03.2017 um 01:17 schrieb Unman:
> On Tue, Mar 14, 2017 at 08:02:58PM -0400, Chris Laprise wrote:
>> On 03/14/2017 01:55 PM, evo wrote:
>>> hmm.. this is also a good point, thanks!
>>> so if i do not use openoffice in my bankingVM, there is no practical
>>> vulnerability in it.
>>>
>>
>> Yes and no. Off the top of my head, there are two things to be concerned
>> about with the (regular, distro) software you install:
>>
>> 1. Does it cause an additional service to start accepting connections?
>>
>> 2. Does it have a MIMEtype or similar mapping, so that clicking on a
>> mislabeled file could cause it to open in an unwanted/risky app.
>> Unfortunately, nautilus doesn't seem to have a setting for always asking
>> before starting an app. But at least it defaults to double-click instead of
>> single-click.
>>
> 
> 3. Installing some programs, like libre/openoffice, brings with it numerous
> libraries and attendant programs which may widen the attack surface of
> your qube considerably.
> 

so its better to have such VMs as banking or email in standalone-mode.
The thing is... as i understood, stanalone-machines (if they are not
HVM) have all software from the template they use. So the only way is,
to install new iso on HVM, isn't it?

in that case, i don't really understand the sense of standalone AppVMs.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6fbf49d5-8f53-4c1e-b85c-026667fc65fa%40aliaks.de.
For more options, visit https://groups.google.com/d/optout.