I'm thinking an attacker could: 1 Take control of the VM through any given means, and gain the ability to edit the .desktop file 2 Alter the desktop file so that it opens a malware URL in the VM dedicated to web browsing 3 Send information from the Thunderbird VM to the less-trusted web browsing VM via coding in the URL
The weakness is you're giving a persistent, user-editable file permission to control another VM - and the Qubes messaging service doesn't tell you exactly what action you are approving, and might even be set to "Yes to All" allowing transparent control by malware. If you DON'T set "Yes to All", then you are queried every time you open a webpage, and if you don't read every approval carefully an attacker could force a third, higher-trust VM to open a malware URL. Your suggestion re: /usr/share/applications is good though, I think that would mitigate some of the risk. On Wed, May 3, 2017 at 4:41 AM, <u+q...@bestemt.no> wrote: > wordswithn...@gmail.com <wordswithn...@gmail.com> [2017-05-02 17:07 > +0200]: > > Any thoughts (Micah or the community), on whether this creates an > > avenue for persistent compromise of a VM? > > > > Maybe there's a way to make this change persistent from the > > TemplateVM, eg store the .desktop file outside /home and create a > > symlink in to it? > > > > I'm a little wary of adding a handler for http/https links that > > resides in /home. > > You can move both the *.desktop file(s) and mimeapps.list to > /usr/share/applications/ > > But I don't see how this measure alone will make your VMs more or less > secure. > > -- > ubestemt > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABtR2JJ%2BWQyN%2BctwigvA4cGmALZZuqRf9V3JZD3Tija-Qus0Gw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
