Re: [qubes-users] Re: Is there any hope for Wayland?
On 09/13/2016 05:52 AM, Vít Šesták wrote: > Well, the points you have mentioned are also dubious for mainstream Linux > environment, not only for Qubes, because they suppose a malicious app already > installed in the system. They do not presuppose that. They merely presuppose an app has been compromised by an attacker. This presupposition is valid in mainstream Linux, and invalid in Qubes dom0. See the difference? -- Rudd-O http://rudd-o.com/ -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c1be755c-9344-e94c-eeea-06f9de801cae%40rudd-o.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Is there any hope for Wayland?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-12 22:52, Vít Šesták wrote: > Well, the points you have mentioned are also dubious for mainstream > Linux environment, not only for Qubes, because they suppose a > malicious app already installed in the system. > > Other point are, however, accidental interferences with lockscreen. > For example, I sometimes see Thunderbird popup on the lockscreen. I > don't consider Thunderbird to be a malicious app (if it was, it would > probably send my emails via Internet, which would be more practical), > but it still leaks few information. There are also some complaints by > other users, see discussions about Physlock (which might be also a > way to address these problem). > We should be careful to distinguish the claim that X11 screen lockers *cannot* (even in principle) be secure (e.g., due to inherent architectural limitations) from the claim that most (or even all) *existing implementations* of X11 screen lockers are flawed, buggy, or insecure. Your and others' (legitimate) gripes about the screen lockers we currently use are evidence of the latter (but not necessarily the former) claim. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX15c7AAoJENtN07w5UDAw12oP/ihA/AfRA/y6C6Zd9pAiA078 Lk6HiaRr5AyMEsD9jDkE/wXYzKTWXbz1g6aRsjsQHmkCDG4mFd7gahKtm8ipGTPe OFLGqaKjBu+e7eJLebd11DAT4iuQxa02rz2+c99dNXKZtf5RszDK6BMPhakq7PMY G6oD1A4jyq0X78sKKTBWCgg2kkMe0mQVogWThXo5rLCjD/yqREAG6WDn7Q+no8R/ FvCd6FrbsrVFdLgO/W4g9ovvec1Wi5Fy3Cgx1iruW1t9ARSeYLuCT3FAeNdmtOUx FhJvbpYdwc/GlFUSE9p1Xc7YYiBH2VATr26R7vBa9B4IABtymdVYJ9ifM3IuY9SN bbCOCFQcmgH971DFN/Tou6qKD26PMMP6ovX8QnxpEX48irqlQl5Od3TN0FZORgVf 4VV5mB3jQ0+qoiLHJsEi8tjJUrfbnCbBArzw/ABFAoDEoeX00iPfpogR+ZplRjpN WuXDmEUo8fp/SCgtk8rFVoFbeTSzTXgan8roQ0fKo6IiHLylm8esojzzyXUsK2Ss Hh3OHsq+zORZxMqrvHP6JgkL4sd263ez41ds685zCWvMSq1IUwSlVXq3EMDPx5GH pVgSrtwnHM3kNOALPBgNaw80HGsnhAWqz2OFTfxFZ1W4T1dLwji+P6FcjK96rPI4 E4ANXZRzxWj9vvL8CQLA =ubMd -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/09d27472-5a20-eede-7548-acb4b4729a4a%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Is there any hope for Wayland?
Well, the points you have mentioned are also dubious for mainstream Linux environment, not only for Qubes, because they suppose a malicious app already installed in the system. Other point are, however, accidental interferences with lockscreen. For example, I sometimes see Thunderbird popup on the lockscreen. I don't consider Thunderbird to be a malicious app (if it was, it would probably send my emails via Internet, which would be more practical), but it still leaks few information. There are also some complaints by other users, see discussions about Physlock (which might be also a way to address these problem). -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/748d54f3-b9d3-4aa6-8ec2-7b1b5456f2ef%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Is there any hope for Wayland?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-09-12 06:06, Lorenzo Lamas wrote: > Imo a good reason for Wayland in Qubes(Dom0 at least) is because x11 > lockscreen is not secure. > Are you referring to this? https://blog.martin-graesslin.com/blog/2015/01/why-screen-lockers-on-x11-cannot-be-secure/ If so, I see your point, but I don't think this is as serious of a problem on Qubes as it is on other systems. Brief summary of points from the blog post and responses: Screen lockers on X11 cannot be secure because they... 1. Can be prevented from starting. Since the screen locker runs in dom0, and only trusted programs run in dom0, this will never happen maliciously in Qubes (unless dom0 has already been owned, in which case it's already game over). 2. Can be spoofed. VMs cannot enter fullscreen mode without user permission, so a fake screen locker in a compromised VM cannot successfully spoof the real locker in dom0. 3. Cannot prevent other windows from grabbing screen content. Qubes' GUI isolation prevents exactly this, regardless of whether the screen locker is active. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX15BuAAoJENtN07w5UDAwMKAP/i6EAU22/mrGf8gBYFUQ0135 GjcttQPR/BgortZEYOFAYCDpBc1R5jx3VIgXe8yCMnlLKsh927S0dKpayfWHxfkT yLHl+N/hah/suKu/Mh5J5skXpbOuvS5xzHeQRjMvxAMQrD5w0Q8nrZ/fR+LHHKK7 GvAGuJQeL8yIPdqda2dj+4IyBNGJE+txtmg5NQ9/a5WnyRDIEaGBOflLVIOQRdoC YjOw9P2+c53xNqq3N1o/fYeUl0i/OZJVkwmperuJt8UxbNvq/9jUOFhxdOTQoJRX Laqjd2vRGrG6wcTFrrb8aernM0HPUqYzcP/mXTiWWts0JHzmETz3rANTqNPD5Ka4 DfnbvpbEHSVz6jHuHSVPayCoBzVzGfv/DhFCxeKcqkDVRANhjdpJlWi3wLScK8GD vrnrwpVvmuXLgXoMJmoCsuOSIwO1h2WBvwqeZT5sWQBsuJo7BVLxe+eDSpH9ZHg4 8llWfgYkXEbZwN95VYsskgtAGj5F1zPNLJD/iCXmPIwejbCsZtCu7YNjBlL5ggZ+ ca7J4Bf43BvBG6YL36xqLBHSA4Gz7CqhLvyRiQBZf1AOq46fcg0WuJgNp/njk/jf QrfKpX7QFuC6uy3bvasZ8EW8at5xiUHGvdmT6MG20xI7+47bwKSipoWpvONKhFfG 1xAaZakVQ1ISCMmNP+ka =MZHx -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9aeb8cf6-4c7b-3883-9985-287f4d8dd3b4%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is there any hope for Wayland?
This one might be the best reason for Wayland in Qubes, provided that Wayland is better. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0f28d9d6-c56f-4af3-be9d-20e71941d4eb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Is there any hope for Wayland?
Imo a good reason for Wayland in Qubes(Dom0 at least) is because x11 lockscreen is not secure. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/5e0fc300-683a-4303-a8fa-eeb690843ae7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.