-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 2016-06-19 12:30, IX4 Svs wrote:
> On Sun, Jun 19, 2016 at 3:05 PM, Andrew David Wong
> <
a...@qubes-os.org> wrote:
>
> On 2016-06-18 14:54, IX4 Svs wrote:
>>>> Qubes R3.1, Fedora 23 template, fully updated.
>>>>
>>>> I launch a new disposable Firefox, which creates a new DispVM
>>>> and displays [disp42] in the Firefox window title. All normal
>>>> so far.
>>>>
>>>> I hit CTRL+t to open a new Firefox tab and - I can't believe
>>>> my eyes - the "new tab" page is full of thumbnails of web
>>>> pages I have visited in other DispVMs, which have long been
>>>> shut down.
>>>>
>>>> sudo xl list from dom0 confirms disp42 is the only DispVM
>>>> currently running.
>>>>
>>>> How can such data leakage from one DispVM to another be
>>>> possible? Yes, I am adamant, 100% certain that I have not
>>>> visited the web sites showing up in the "new tab" page from
>>>> the TemplateVM that my DispVM is based upon.
>>>>
>>>> Any thoughts?
>>>>
>>>> Thanks,
>>>>
>>>> Alex
>>>>
>>
>> Does it persist even after you regenerate the DVM template?
>>
>> $ qvm-create-default-dvm --default-template
>
> I have not tried the nuclear option - I was hoping to find the
> cause of such a massive leak now that it's happening so that it can
> be fixed for all Qubes users.
Sorry, I wasn't thinking of that as "the nuclear option." Rather, I
was just trying to help determine whether this phenomenon is isolated
to your specific machine (e.g., perhaps you forgot that you had done
some special configuration that would be overwritten when regenerating
the DVM template) or whether it's a Qubes bug.
Personally, I haven't been able to reproduce this on my own machine
(and I haven't seen anyone else say they can either), so it's not yet
clear whether this affects any other Qubes users. If the phenomenon
were to persist even after you regenerate the DVM template, that would
be significantly more worrisome, since you said you're absolutely sure
you didn't do anything in the TemplateVM on which the DVM template is
based that might cause this.
I've never tried backing up the DVM template (since there's usually no
reason to do so), but I wonder if doing so would allow you to preserve
the current state so that you can try regenerating the template.
iQIcBAEBCgAGBQJXaCe6AAoJENtN07w5UDAwfU4QAJCUFt26MbWKIq7WFM6x5Bxg
3PTQWyhG1paGW2wCLY2Zo6wMnyYL8uGJbXYti8QZGJgciRE9cuJWFAnfOxXs0JT8
gREib7SWIxA5ePBUhDkuN1VcFqrC3Cu9vLXQ1Tn4yChdNKg0DnYNNY3+btXjAkl1
3VOZ/b+PaQkUB8oGJG7zZ/AEO0MrVZ/nX0xRHoSyB/hITe/cpgmvSDfCAhsPEVfN
nadJYQUCsdq/a29TY6BLPshh+5VQPc9HWcxEirVrzUvrphXIFXITAg7JUmNeKc/a
9xvFH6UhvUnh6K5o/n64VGeC4wiiNJ3FvYeB6Cp+lkcvr1eRuLS7iWB5EsJdaGss
BhfdeVL46biUlLuTWklTCqJnjfQ9kfJnNR9C+UZPWDcNK+QTsgH1SA4n7Xp3BpCm
ck6ERiMK1evfzqc6ple8GZ238sR2KQJITe5Ijt5uTSBRnKa4WhjKUyOfaNbCn+HI
RRtI22GW+cTiu9OnaEGHynDYANHcW+Zez9OI/4yRa1g+2Hhd4uJqUd4ntTm7wmnv
LiEgfT0xbJxOnG7Y+8I8AB5918kV4z4WtcSC1R5/Ht7rwdnfp8DzzHUSUz/pMlnT
XIP2TwgC6q3vnd8FgjPXaKZ/S2BLnidwA1Vv8zfC2/2N+olJlUAm/eYK6wpzH//P
YWsRIKndOQwt0ZCK0um3
=T9NM
-----END PGP SIGNATURE-----