FYI: Arch linux is back doored according to this
188 views
Skip to first unread message
C.L. Martinez
Nov 25, 2015, 11:12:37 AM11/25/15
to qubes...@googlegroups.com
https://plus.google.com/u/0/110570186850949220947/posts/7oPet2Jzass?cfem=1&pid=6220925184097238770&oid=110570186850949220947
According to this, is it safe to include archlinux templates or using
archlinux appvm based in Qubes-OS?
According to this, is it safe to include archlinux templates or using
archlinux appvm based in Qubes-OS?
Marek Marczykowski-Górecki
Nov 25, 2015, 11:32:55 PM11/25/15
to C.L. Martinez, qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
According to this, it is safe to assume that the author is a total moron.
Anyway... the great thing about Qubes OS is that it can contain
compromised code in a VM, keeping other VMs safe.
If your template is compromised, it would mean that all the VMs based on
it are too, but not the others based on different templates. Also you
can somehow limit communication of VMs with the outside world (setting
firewall, RPC policy etc), but because of x86 architecture complexity,
there are some covert channels, so it isn't bulletproof - if you have
two compromised VMs, they may find a way to communicate with each other.
But not with clean ones.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWVotxAAoJENuP0xzK19cso6cH+wUsHzUtAxqUtKfhXBV7edXf
yS2USYAlHjlpG5I/1Yk40dHqzTsBTZK0EVsP+O4RhCxIxG9nSmpxEro7ihIKKnA5
O1Rlk398wnfha1D8bJDuO8C530CKCl6guszzpGTajhN8V71nfd5l++5YOQ1B8eKF
aTwBx5mtBKQxQ+NyExDhCF87NEcgrQxhEdD/73EFvH+tZcw/l4t3yQWyAHhxOY+q
8zPsnU+7Z4aUPwsjkfH962uIZZeEXWiefW5FhPM6tlKVF2RtplQT5uyItfWquomb
TXFL7mYN5/1qGMQ6AMxb5WZLE7a8eHm9gdWu3z6tpyA+yWhoRIyzZTTWsLNrnZc=
=vk5z
-----END PGP SIGNATURE-----
Hash: SHA256
Anyway... the great thing about Qubes OS is that it can contain
compromised code in a VM, keeping other VMs safe.
If your template is compromised, it would mean that all the VMs based on
it are too, but not the others based on different templates. Also you
can somehow limit communication of VMs with the outside world (setting
firewall, RPC policy etc), but because of x86 architecture complexity,
there are some covert channels, so it isn't bulletproof - if you have
two compromised VMs, they may find a way to communicate with each other.
But not with clean ones.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWVotxAAoJENuP0xzK19cso6cH+wUsHzUtAxqUtKfhXBV7edXf
yS2USYAlHjlpG5I/1Yk40dHqzTsBTZK0EVsP+O4RhCxIxG9nSmpxEro7ihIKKnA5
O1Rlk398wnfha1D8bJDuO8C530CKCl6guszzpGTajhN8V71nfd5l++5YOQ1B8eKF
aTwBx5mtBKQxQ+NyExDhCF87NEcgrQxhEdD/73EFvH+tZcw/l4t3yQWyAHhxOY+q
8zPsnU+7Z4aUPwsjkfH962uIZZeEXWiefW5FhPM6tlKVF2RtplQT5uyItfWquomb
TXFL7mYN5/1qGMQ6AMxb5WZLE7a8eHm9gdWu3z6tpyA+yWhoRIyzZTTWsLNrnZc=
=vk5z
-----END PGP SIGNATURE-----
C. L. Martinez
Nov 26, 2015, 2:25:17 AM11/26/15
to qubes...@googlegroups.com
On Thu, Nov 26, 2015 at 4:32 AM, Marek Marczykowski-Górecki
<marm...@invisiblethingslab.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Wed, Nov 25, 2015 at 04:12:16PM +0000, C.L. Martinez wrote:
>> https://plus.google.com/u/0/110570186850949220947/posts/7oPet2Jzass?cfem=1&pid=6220925184097238770&oid=110570186850949220947
>>
>> According to this, is it safe to include archlinux templates or using
>> archlinux appvm based in Qubes-OS?
>
> According to this, it is safe to assume that the author is a total moron.
> Anyway... the great thing about Qubes OS is that it can contain
> compromised code in a VM, keeping other VMs safe.
>
> If your template is compromised, it would mean that all the VMs based on
> it are too, but not the others based on different templates. Also you
> can somehow limit communication of VMs with the outside world (setting
> firewall, RPC policy etc), but because of x86 architecture complexity,
> there are some covert channels, so it isn't bulletproof - if you have
> two compromised VMs, they may find a way to communicate with each other.
> But not with clean ones.
>
> - --
Thanks Marek. Now I'm more relaxed.
<marm...@invisiblethingslab.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On Wed, Nov 25, 2015 at 04:12:16PM +0000, C.L. Martinez wrote:
>> https://plus.google.com/u/0/110570186850949220947/posts/7oPet2Jzass?cfem=1&pid=6220925184097238770&oid=110570186850949220947
>>
>> According to this, is it safe to include archlinux templates or using
>> archlinux appvm based in Qubes-OS?
>
> According to this, it is safe to assume that the author is a total moron.
> Anyway... the great thing about Qubes OS is that it can contain
> compromised code in a VM, keeping other VMs safe.
>
> If your template is compromised, it would mean that all the VMs based on
> it are too, but not the others based on different templates. Also you
> can somehow limit communication of VMs with the outside world (setting
> firewall, RPC policy etc), but because of x86 architecture complexity,
> there are some covert channels, so it isn't bulletproof - if you have
> two compromised VMs, they may find a way to communicate with each other.
> But not with clean ones.
>
> - --
Reply all
Reply to author
Forward
0 new messages