Hi Robert,
Do you think you could build a template that would be that which you would consider secure?
Personally, I've been asking what packages are REQUIRED for full integration, and never gotten an answer that provides the information I request from anyone, not even the Qubes devs.
I'm not sure if they don't know, or just think that the information is there when it isn't, but if you are able to build a secure template, one that is based for Qubes and works properly and fully, then you should do it and give it to them to put into the template repo.
I think it would be interesting if you could actually do it, rather than these insecure systemd templates.
> The Fedora minimal template works fine as a very minimal base system.
> Those NetworkManager packages are needed to use it as a sys-net template.
The Fedora minimal template is FAR from minimal. It still contains a lot of things it shouldn't, and is missing vital things too.
> >
> > I'm not sure if they don't know, or just think that the information is there when it isn't,
>
> Of course they know. They build the templates. It's just that this
> question is a low-priority question because this is something you could
> have found out yourself.
No, it's not a low-priority question, I was told that they didn't know. I can find the thread where they told me, if you want, or else you can search qubes-users for it.
Yes it does, but what else does it need that I have installed that it won't tell me BECAUSE the things are ALREADY INSTALLED?
That's the rest of it...
I want to know what it all is, not just what I don't have.
Does that make sense now?
By default, yes, unless you actually secure your templates properly.
If you secure the templates, they would have a very very very hard time even thinking about getting root access in a template.
> My thoughts are more about continuing the attack to other QubesVMs or
> even other systems by means of installed Software like a VNC client.
In general, they can't.
Unless you are meaning gaining access via the Dom0 passthru system where you can copy files to other vms?
Or unless you are using an InterVM machine, like I do. But I only ever allow the ports I require to be used at that time. I do have one area that is set up as a complete, but they can only talk to each other, nothing else.
So if you configure Qubes correctly, including the VMs, it will be very difficult to actually attack other VMs in the way I think you may be thinking it's easy?
Sounds quite interesting :-)
How would an encrypted software-database be? Inside are all compressed folders, paths and files, and if you run some app, it will be played in these DVMs?
It would be nice if the protocols and logs got played back inside this database. And they are also compressed and encrypted.
In the end you have a database which maintains all the running coding, configurations and security-logs (so AppArmor can be used to see the good or bad behaviors).
Kind Regards
How do I find out if the minimal templates D8 or F22 will contain only "exploit proof" applications, which all support ASLR - against code injection - like the browsers?
Or if not, how can I build an ASLR D8 template for Qubes?
Kind Regards
Was still some topic (and would meet the user logic to design more foundation TVM's and higher specific TVM's on top of them)...