Registering qrexec services?


Jean-Philippe Ouellet

Dec 3, 2017, 11:09:50 PM
to qubes-devel, wo...@invisiblethingslab.com
What's the intended use of [1]?

I expected the eventual addition of some kind of careful mechanism to
allow automated creation of "allow" policies by a management VM, where
the source & dest are both required to be managed by that management
VM.

However, this seems to be an entirely different purpose. What am I missing?

Regards,
Jean-Philippe

[1]: https://github.com/QubesOS/qubes-core-admin/commit/61c164e1c3feeea9342b46354636d03b5c981139

Wojtek Porczyk

Dec 4, 2017, 6:54:35 AM
to Jean-Philippe Ouellet, qubes-devel

On Sun, Dec 03, 2017 at 11:09:21PM -0500, Jean-Philippe Ouellet wrote:
> What's the intended use of [1]?
>
> I expected the eventual addition of some kind of careful mechanism to
> allow automated creation of "allow" policies by a management VM, where
> the source & dest are both required to be managed by that management
> VM.
>
> However, this seems to be an entirely different purpose. What am I missing?

You're missing the U2F integration repo, which is not yet public. This is part of
work done for a customer, but we expect to eventually release it in public.

Consider two calls: u2f.Register and u2f.Authenticate+KEYHANDLE. Just after
registering, the backend requests dom0 to allow the respective frontend (and only that
frontend) to use this particular key. This policy cannot be set from the
management VM, because the key is generated in hardware and needs to be
communicated from the backend.

But the mechanism is generic enough that there surely will be wider use for it,
so it gets released now and is included as part of the core stack.

> [1]: https://github.com/QubesOS/qubes-core-admin/commit/61c164e1c3feeea9342b46354636d03b5c981139

--
pozdrawiam / best regards
Wojtek Porczyk
Invisible Things Lab

I do not fear computers,
I fear lack of them.
-- Isaac Asimov
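
Added example, not part of the thread and not Qubes code: a toy Python model of the flow described in the reply above, where a backend asks dom0 to allow exactly one frontend to call `u2f.Authenticate+KEYHANDLE`. The class and method names, the VM names (`sys-usb`, `work`, `personal`), the key handle and the argument character set are all assumptions made for illustration.

```python
import re

# Assumed argument charset for this model; not taken from the thread.
ARG_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


class PolicyStore:
    """Toy model of dom0 policy: default deny, exact-match allow rules."""

    def __init__(self, registrars):
        # Static, admin-written part: which VM may register arguments
        # for which service, e.g. {"u2f.Authenticate": {"sys-usb"}}.
        self.registrars = registrars
        # Dynamic part: (service, argument) -> {(source, target), ...}
        self.allow = {}

    def register_argument(self, caller, service, argument, frontend):
        """Handle a backend's request to allow one frontend to use one argument."""
        if caller not in self.registrars.get(service, set()):
            raise PermissionError(f"{caller} may not register {service}")
        if not ARG_RE.match(argument):
            raise ValueError("argument contains characters outside the allowed set")
        # The target is pinned to the caller: a backend can only grant
        # access to itself, never to another VM.
        self.allow.setdefault((service, argument), set()).add((frontend, caller))

    def evaluate(self, source, target, call):
        """Return 'allow' or 'deny' for a call named SERVICE+ARGUMENT."""
        service, _, argument = call.partition("+")
        rules = self.allow.get((service, argument), set())
        return "allow" if (source, target) in rules else "deny"


def demo():
    dom0 = PolicyStore({"u2f.Authenticate": {"sys-usb"}})
    # Constructed key handle; in the thread it comes from the token at u2f.Register.
    dom0.register_argument("sys-usb", "u2f.Authenticate", "KH_abc123", "work")
    return [
        dom0.evaluate("work", "sys-usb", "u2f.Authenticate+KH_abc123"),
        dom0.evaluate("personal", "sys-usb", "u2f.Authenticate+KH_abc123"),
        dom0.evaluate("work", "sys-usb", "u2f.Authenticate+KH_other"),
        dom0.evaluate("work", "sys-usb", "u2f.Authenticate"),
    ]


if __name__ == "__main__":
    print(demo())
```

Only the first call in `demo()` is allowed: a different frontend, a different key handle and a call with no argument all fall through to the default deny.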