On 31/01/17 22:24, mojosam wrote:
it does protect you from user errors. e.g.:
you have some malicious pdf in a vm.
if you have noting to open the pdf, you can't accidentally open it and corrupt
your vm.
Isn't that the concept behind "attack surface"? If the code is there,
something malicious might have the ability to call it. I think there was malware that
was recently discovered that could exploit the floppy disk controller in either VMware or
VirtualBox.
but if there is something malicious able to call it, the malicious piece of
code could download play on linux and then exploit the error.
the case is:
- there is something malicious
- it can execute code
hence it can install everything it wants to and exploit it (but that is not
even necessary, since it only needs remote code execution to do anything it
wants to do)
in this case we already executed something and caused the malicious code to
become active (e.g. opened it with a program)
the case i mentioned was:
- there is something containing malicious code (e.g. a pdf)
- the code can't activate, since no piece of software parses this code
the attack surface is created by the code you execute rather the code that is
on the system.
this is the case, because you only need remote code execution to own a qubes
vm. (instead of remote code execution + privacy escalation)
the only advantage of not installing software is: you can't be able to
accidentally execute it and activate some malicious code (but here your action
would extend the attack surface)
at least this is my understanding of the situation.
The bigger practical concern is that PlayOnLinux expanded my template by 800
MB. Is all of that cruft duplicated on the hard drive for every VM, or is it
just accessed from the template as needed when the VM is activated?
this depends on the location that stuff is stored at.
if it is somewhere on /rw (e.g. /home/user) each cloned vm will have a
duplicate.
if play on linux downloads the stuff after its first execution, you can simply
only execute it in vms using play on linux.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/98fffab0-8e22-061c-ddb5-e10afa59de4c%40openmailbox.org.
For more options, visit https://groups.google.com/d/optout.
