
Re: AppVM home directories browsable from dom0 (was Re: [qubes-users] Ext4 formatted external USB hard drive not seen in file manager even though it attaches OK to appvm)


Marek Marczykowski-Górecki, 27 May 2014 16:40
Sent to group: qubes-users
On 28.05.2014 00:25, Joanna Rutkowska wrote:
> On 05/27/14 18:26, Axon wrote:
>> Axon:
>>> Axon:
>>>> Eric Smith:
>>>>> Also, dom0 recognizes my ext4 usb drive and I am able to browse it in dom0
>>>>> (probably dangerous).  
>>>>
>>>> I've noticed that most if not all AppVM home directories are browsable
>>>> from dom0's Thunar. It's been this way for as long as I can remember. I,
>>>> too, wonder if this is dangerous.
>>>>
>>>>
>>>
>>> Just to clarify, what I mean is that (last time I checked), I was able
>>> to view individual files residing in AppVMs from dom0. For example, if I
>>> download foo.pdf in "untrusted," then I open up the file manager in dom0
>>> and browse through the list of "devices," I eventually find one which
>>> contains "stuff.pdf." But at this point I was too afraid to click on it
>>> (to try to open it from dom0) to see what would happen. :P  Fortunately,
>>> auto-preview seems to be disabled in dom0's file manager by default, but
>>> it's still a bit disconcerting.
>>>
>>
>> "stuff.pdf" should have been "foo.pdf"
>>
>
> So, just to make sure I understand this -- you're saying that if the
> user installs some file manager in Dom0 (qubes-dom0-update) and then
> fires up this file manager, and then navigates to /var/lib/qubes/appvm/
> and clicks on a .img symbolizing a private disk for a VM, then... the
> file manager actually shows the contents of it?

No, some file managers list loop devices used by running VMs. So when one
selects such a device, it is mounted in dom0... This is one of many reasons why
one should not use a file manager in dom0.

--
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
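
A check for the condition described in the reply above, added here as an example and not part of the original thread or of Qubes itself: it reports loop devices backed by VM images that are currently mounted in dom0. It assumes VM images live under /var/lib/qubes (the directory named in the quoted question) and that the kernel exposes loop backing files in sysfs; the function name `vm_loops_mounted` is hypothetical.

```shell
#!/bin/sh
# Added example: flag VM-backed loop devices that have been mounted in dom0.
# Assumption: VM disk images are stored below the prefix given as $1.

# vm_loops_mounted IMG_PREFIX [SYS_BLOCK_DIR] [MOUNTS_FILE]
# Prints "device backing_file mountpoint" per hit; returns 1 if any hit exists.
vm_loops_mounted() {
    prefix=$1
    sysblock=${2:-/sys/block}
    mounts=${3:-/proc/mounts}
    status=0
    for bf in "$sysblock"/loop*/loop/backing_file; do
        [ -r "$bf" ] || continue          # unused loop devices have no backing_file
        img=$(cat "$bf")
        case $img in
            "$prefix"/*) ;;               # backed by a VM image: inspect it
            *) continue ;;                # unrelated loop device: ignore
        esac
        name=${bf#"$sysblock"/}           # strip the sysfs directory prefix
        name=${name%%/*}                  # keep only the device name, e.g. loop3
        # Match the whole device and any partition on it (loop3, loop3p1, ...),
        # without confusing loop1 with loop10.
        hits=$(awk -v d="/dev/$name" -v img="$img" \
            '$1 == d || index($1, d "p") == 1 { print $1, img, $2 }' "$mounts")
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            status=1
        fi
    done
    return $status
}

# Run against the live system; silent when nothing is mounted.
vm_loops_mounted /var/lib/qubes ||
    echo "WARNING: VM image mounted in dom0 (see lines above)" >&2
```

The optional second and third arguments let the function be pointed at a copy of the sysfs tree and mount table, for example when reviewing data collected from another machine.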