Re: [qubes-users] Re: Improvement: check disk space before copy to VM
On Mon, Nov 14, 2016 at 2:42 PM, Jean-Philippe Ouelletwrote: > On Mon, Nov 14, 2016 at 5:49 AM, Sec Tester wrote: >> Could open up a vulnerability if not done carefully. >> >> VM could use it to query and identify other VMs in existence on the system. > > There are already several timing side-channel ways to do that. > > Example: ... Created an issue for this because it's really off-topic for this thread: https://github.com/QubesOS/qubes-issues/issues/2436 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_AvwReXyzWs-s2Q6ywOEWEoJS%3DJZuL1cb%3D2foWk78ggPQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Improvement: check disk space before copy to VM
On Mon, Nov 14, 2016 at 5:49 AM, Sec Testerwrote: > Could open up a vulnerability if not done carefully. > > VM could use it to query and identify other VMs in existence on the system. There are already several timing side-channel ways to do that. Example: AppVM$ time /usr/lib/qubes/qrexec-client-vm sys-net qubes.VMShell Request refused /usr/lib/qubes/qrexec-client-vm sys-net qubes.VMShell 0.00s user 0.00s system 1% cpu 0.180 total AppVM$ time /usr/lib/qubes/qrexec-client-vm does-not-exist qubes.VMShell Request refused /usr/lib/qubes/qrexec-client-vm does-not-exist qubes.VMShell 0.00s user 0.00s system 0% cpu 1.565 total In this case the difference in time is quite obvious because it blocks while an error dialog is open in dom0. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_A70au%3DdsuwuWUbiL44xNngaXYxFuUCWGXXZGtQ%3D90ZRw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.