Re: [qubes-users] Security benefits of rootless template VMs

2020-07-12 Thread unman
On Fri, Jul 10, 2020 at 08:18:20AM +, Alex Lu wrote:
> I've been thinking about splitting my templateVMs into a bunch of smaller
> ones with no root access where I don't need it. Is having, say, 5 templateVMs,
> 4 of which have no root, better than having 1 templateVM which has root
> and is in charge of every appVM? Or is there no security benefit, considering I
> never do anything in templateVMs besides installing packages, all of which
> are from official repos?
> 
> Alex
> 

The purported security benefit is that if the qube is compromised it
will be more difficult for the attacker to use root commands.
The Qubes position is that this benefit is illusory, in that if an
attacker is able to compromise your qube in the first place they will be
able to get root, even if `su` is not available.
Take a look at /etc/sudoers.d/qubes.

That said, there is a clear benefit in using multiple templates, in that
you reduce the attack surface of each qube. Base your templates off
minimal templates and only install the packages you need for qubes that
will use that template.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200712123554.GD922%40thirdeyesecurity.org.
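An added example to go with the two points in unman's reply; it is not code from the thread or from the Qubes project. The first helper reads a sudoers drop-in such as /etc/sudoers.d/qubes (the file installed by the qubes-core-agent-passwordless-root package in default templates) and reports whether the given user is granted NOPASSWD root for all commands, which is the rule that makes a "no root" qube illusory; live_check asks the same question of the running qube. The second helper emits the dom0 commands for building a role-specific template from a minimal one, since minimal templates do not ship passwordless root and packages therefore have to be installed via qvm-run as root. Assumptions: a Fedora-based minimal template (dnf rather than apt-get), and the template names fedora-32-minimal and fedora-32-web are placeholders; the sudoers fragment used in the test is constructed, not copied from a Qubes install.

```shell
#!/bin/sh
# Added example, not part of the qubes-users thread or of Qubes itself.
#
# nopasswd_root_in FILE USER
#   Returns 0 if FILE (a sudoers fragment such as /etc/sudoers.d/qubes)
#   grants USER "ALL=(ALL) NOPASSWD: ALL", i.e. unrestricted root without a
#   password; returns 1 otherwise. Comments are stripped before matching.
nopasswd_root_in() {
    file=$1
    who=$2
    sed 's/#.*//' "$file" | grep -Eq \
        "^[[:space:]]*${who}[[:space:]]+ALL[[:space:]]*=[[:space:]]*\(ALL(:ALL)?\)[[:space:]]*NOPASSWD:[[:space:]]*ALL([[:space:]]|$)"
}

# live_check
#   Run inside a qube: does the unprivileged user get root with no password?
#   "sudo -n" never prompts, so this is safe to run from a script; a missing
#   sudo binary (as in a minimal template) also counts as "no".
live_check() {
    if sudo -n true 2>/dev/null; then
        echo "passwordless root is available in this qube"
        return 0
    fi
    echo "sudo refused to grant root without a password"
    return 1
}

# run CMD...
#   Execute CMD, or just print it when DRY_RUN is set (used by the test below
#   and handy for reviewing a template build plan before running it in dom0).
run() {
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# make_role_template BASE NEW PKG...
#   dom0 recipe for one of unman's role-specific templates: clone a minimal
#   template and install only the packages that role needs. Minimal templates
#   have no passwordless root, so the install runs as root via qvm-run.
#   Assumes a Fedora-based template (dnf); Debian minimal would use apt-get.
make_role_template() {
    base=$1
    new=$2
    shift 2
    run qvm-clone "$base" "$new"
    run qvm-run -u root -p "$new" "dnf install -y $*"
    run qvm-shutdown --wait "$new"
}

# Example plan (placeholder template names): a browser-only template.
#   DRY_RUN=1 make_role_template fedora-32-minimal fedora-32-web firefox
# Then point an AppVM at it from dom0 with:
#   qvm-prefs <appvm> template fedora-32-web
```

Run live_check inside an AppVM based on a default (non-minimal) template and it reports that root is available, which is the point of unman's reply: removing `su` changes nothing while that sudoers rule is in place. Run it inside a qube based on a minimal template and it reports the opposite, which is why the build helper installs packages through dom0 rather than from inside the template.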


[qubes-users] Security benefits of rootless template VMs

2020-07-10 Thread Alex Lu
I've been thinking about splitting my templateVMs into a bunch of 
smaller ones with no root access where I don't need it. Is having, say, 5 
templateVMs, 4 of which have no root, better than having 1 templateVM 
which has root and is in charge of every appVM? Or is there no security 
benefit, considering I never do anything in templateVMs besides 
installing packages, all of which are from official repos?


Alex

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/1c025d3262b398d7a1c3f78b2752aed1%40cock.li.