The users who are connected to the network are assumed to be authorized. The firewall restriction is not meant to protect the share against malicious users, it is supposed to protect against untrusted AppVMs. Moreover password based authentication could be used by malicious AppVMs in a Denial-Of-Service scenario where AppVMs send authentication requests to exhaust server resources.
2016-07-02 4:08 GMT+02:00 Andrew David Wong <a...@qubes-os.org>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > On 2016-07-01 11:04, Grzesiek Chodzicki wrote: > > @Andrew > > > > A user has a network share on the internal network. This share > > does not require the user to provide any extra credentials to > > access it (for the same reason Qubes uses passwordless sudo). The > > user creates a separate AppVM in order to access the share and, in > > Qubes Firewall, allows the AppVM to connect to the share. However > > unless the user specifically forbids every other VM access to the > > share they can connect to it too (due to Qubes NAT all AppVMs use > > the same LAN IP and MAC address so the share cannot differentiate > > between the AppVM that is supposed to access it and AppVMs that > > aren't). Because every AppVM can connect to the share they can now > > use it as a covert communications channel. > > > > I tried to be as clear as I could with this one I hope You > > understand what I'm trying to convey. > > > > Why not require a password to access the network share, then only > type/paste that password in the authorized AppVM? The reason for > passwordless sudo in Qubes is that it provides no extra security, but > it seems like requiring a password to access your network share would > provide some security in this situation (unless, of course, the > authentication mechanism can be trivially bypassed for some reason). > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -----BEGIN PGP SIGNATURE----- > > iQIcBAEBCgAGBQJXdyIUAAoJENtN07w5UDAw2PYP/iWzPLc1qJGeJt4IEPeS/wGt > /B8H/BOh8Q/sxIycLMgVUx0rVRr3TgjgFMgMG0YH8NqyUTFaUrVACfrCNDRhEQmC > apma7ypOdFB5ztoKIgZhs0p65hktATOwF/2ivrupuVgQISKMDXa5hwegX2+jxTnh > rty6gpO1GDK1JAWiyTxI8tcV1xeeDEz6vA9LKJmDHWDXewxvQ5iOcbF7fyBhm3wb > dCvfVJkEg7CELfkpDyTNYIqjvSq0X7A+RuACP4wa+bZNx8tr5ipBrrPf9/gWjgsI > xHslUd6Vg4M0y5/AwvC4XMwA6RRb7Gk+3i/L27dm+NbrGMT5pG6Spx7ftrnCDyMr > 3HQb46B8JDrrU+6OKxibvOotJ1Th/gYdnA4WAxZe/bDgji7rpJF8ANxsvM8d6zFA > JQtfn1VhukJYFhhIBqHy5eaKEvoyUrb7nnifgt1//5HeEd+m3IBeM+6Vc7l2VgJi > 62ttY35Nc2q+XGTDSZPpCH5SbpXAl1UKZEwpu7c1GnmRBq9n2G4U3+fhNDXMBmSO > pGWaHrsziVBDlpfKq5xqUljRydSQvg9dHUcDFgIx+Q2EKe51m0D1q3+nlbylLOfu > Jge/7xDlF9OO+ioo7QjkmVrSbOS0BSRbk3i/+fF3OePnW5tE20/d6gqdOz2qNFdP > Y3gTKwSdNF1gbzPLAMZl > =2/gF > -----END PGP SIGNATURE----- > > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAEWhQ4fkkYY8BOECheWMRTHMMzgrMbBnD6rVUTXwpCvjFw1%3DEw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
