-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2016-11-07 16:32, Jean-Philippe Ouellet wrote: > On Mon, Nov 7, 2016 at 2:29 PM, Chris Laprise <tas...@openmailbox.org> wrote: >> The framebuffer is being handled by the trusted dom0 graphics stack, so is >> actually a trusted input. > > Perhaps we have run into trusted != trustworthy terminology issues. > > I meant to say that the content of the framebuffer being processed by > the highly complex [1] compression algorithms is directly > attacker-controlled, and thus attacking dom0 by displaying specially > crafted bitmaps is a theoretical attack vector. > > [1]: https://sidbala.com/h-264-is-magic/ (from recent hacker news -- > serves to illustrate that video compression has significant > complexity, and it is not impossible to imagine the existence of > exploitable edge cases) >
This is a good point. Perhaps the situation will be easier once dom0 has been bifurcated into separate Admin and GUI domains. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJYIZb8AAoJENtN07w5UDAwL3YQAJF+WHnRy5nM81D/YgHgfdl2 d+UZSdVTRHLHqujZCOPATys4e5ZLMtcrnTVj6HGtuNudlt46DnDMF2vgOwsz3U9A 1TZEKIX/ePE+Wlzf436mZ2wCBSdA/+kNZ32ue6zqE9ffAh4EKrTojmV5s3f/NQe4 AM2ni3fElrEyr+m7IHjyTmMKP+ycrWJ6WjszBx47fjjbL1OYljizZXYegMcFhYcW NzzNjG0yg74+GvApTy7FGE+CrsTf8zmOzb7s9waLeGVpOKbQwEHql4uTQwIJ6y7B zyzVMSrRjhjn3MyOcSEGeMTuvTGSuOYlMX1pRumnmR+jrbHuY9DTQBJVkBo3QhU9 ywZu16DB2BOVaWJITpiBfDXwoU+/9eqhNeegc6No2UKGvqFBlC+Xxj8XXe9l7cex EdmCeW03Y4G3nUg/r6TF/3xvkgn/AOD2a7MxnEknmSjWydMfVWu0bPSqq+jeDUnq 7GWnM0xWbY8VUVQKwE8cjKG8VfqQyw86kfidBmPIZNiEYwMqSpRCGILabE0FhGww 3CVeHoXDsi8OovV4tqehR92q8jufnnkjTaLyeH3J4S18PpjnuA3YwVOoTXF2MECM JywoHxTzqYNOFpO6xohXve2IQgq4gh7b9ItH9BLlAhjkG/sY4leIlRyZb90n/F0o vVSN0vijM6AP+Ze+Dtgl =fiqZ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/d654e5be-ccfd-357c-19ba-5a1d59ea0f97%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.