-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, Aug 25, 2016 at 12:56:15PM +0200, Alex wrote: > On 08/25/2016 12:53 PM, Arqwer wrote: > > Command qvm-run '$dispvm' xterm if called from an appVM will run > > xterm in a new dispVM. If attacker gained access to an appvm, he > > possibly can run script, that will create thousands of new dispVMs > > and freeze my computer. I don't like this. May be it's better to > > disable this functionality by default? > > > I see your point, but I'd rather appreciate a limit on the number of > dispVM that can be launched (e.g. per hour/appvm?) before some > confirmation from dom0 is needed to open any more. This way actual > functionality is not broken nor reverted, and the denial of service > scenario is prevented.
In fact the number of DispVMs is already limited - by available RAM. Further attempts will simply fail. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXxO00AAoJENuP0xzK19csQDQH/i+NEnY4EATTYbqZ7dijrrrV jyQ/QqOBZtKyhJ24TuLJC6UYyNri5DEvlu6S50O4ubvwzGmA4lsgJl6fDCiwX+VK 4j13CXw21xI5eZfagZZ1ZIHn8Nior2N/K2s+CGZUwhee1urmYlvAAuFSHYMePoFg akvZgonKCyshTATePglRhkTG0WFS91FZHMAbpZs6DGUZ+jB/ZVgQbTfAJg0A25ya RiLgoFA3mAPeUFZuCtSgUNXeR/NazmpW7wGx4SY4cUUAmrcB30sq4a/jVXOi9os0 42wJGnomQIS1b2cmnjSYpXNQhkAlrYdegcRmcwMgcSnG2Zs6iDpLppYidP+Li8E= =f2KL -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160830021932.GQ21245%40mail-itl. For more options, visit https://groups.google.com/d/optout.
