Jason Mehring
10 years ago
parent
b4ea7f437b
commit
c26d0eac1a
@ -0,0 +1 @@
|
||||
host
|
||||
@ -0,0 +1,16 @@
|
||||
## Anonymity Distribution /etc/hosts
|
||||
|
||||
## Defaults
|
||||
127.0.0.1 host
|
||||
::1 host ip6-host ip6-loopback
|
||||
fe00::0 ip6-localnet
|
||||
ff00::0 ip6-mcastprefix
|
||||
ff02::1 ip6-allnodes
|
||||
ff02::2 ip6-allrouters
|
||||
## End of defaults
|
||||
|
||||
## Anonymity Distribution specific
|
||||
127.0.0.1 host.localdomain host
|
||||
## End of Anonymity Distribution specific
|
||||
|
||||
## End of Anonymity Distribution /etc/hosts
|
||||
@ -0,0 +1,46 @@
|
||||
user ALL=(ALL) NOPASSWD: ALL
|
||||
|
||||
# WTF?! Have you lost your mind?!
|
||||
#
|
||||
# In Qubes VMs there is no point in isolating the root account from
|
||||
# the user account. This is because all the user data are already
|
||||
# accessible from the user account, so there is no direct benefit for
|
||||
# the attacker if she could escalate to root (there is even no benefit
|
||||
# in trying to install some persistent rootkits, as the VM's root
|
||||
# filesystem modifications are lost upon each start of a VM).
|
||||
#
|
||||
# One might argue that some hypothetical attacks against the
|
||||
# hypervisor or the few daemons/backends in Dom0 (so VM escape
|
||||
# attacks) most likely would require root access in the VM to trigger
|
||||
# the attack.
|
||||
#
|
||||
# That's true, but mere existence of such a bug in the hypervisor or
|
||||
# Dom0 that could be exploited by a malicious VM, no matter whether
|
||||
# requiring user, root, or even kernel access in the VM, would be
|
||||
# FATAL. In such situation (if there was such a bug in Xen) there
|
||||
# really is no comforting that: "oh, but the mitigating factor was
|
||||
# that the attacker needed root in VM!" We're not M$, and we're not
|
||||
# gonna BS our users that there are mitigating factors in that case,
|
||||
# and for sure, root/user isolation is not a mitigating factor.
|
||||
#
|
||||
# Because, really, if somebody could find and exploit a bug in the Xen
|
||||
# hypervisor -- so far there have been only one (!) publicly disclosed
|
||||
# exploitable bug in the Xen hypervisor from a VM, found in 2008,
|
||||
# incidentally by one of the Qubes developers (RW) -- then it would be
|
||||
# highly unlikely if that person couldn't also found a user-to-root
|
||||
# escalation in VM (which as we know from history of UNIX/Linux
|
||||
# happens all the time).
|
||||
#
|
||||
# At the same time allowing for easy user-to-root escalation in a VM
|
||||
# is simply convenient for users, especially for update installation.
|
||||
#
|
||||
# Currently this still doesn't work as expected, because some idotic
|
||||
# piece of software called PolKit uses own set of policies. We're
|
||||
# planning to address this in Beta 2. (Why PolKit is an idiocy? Do a
|
||||
# simple experiment: start 'xinput test' in one xterm, running as
|
||||
# user, then open some app that uses PolKit and asks for root
|
||||
# password, e.g. gpk-update-viewer -- observe how all the keystrokes
|
||||
# with root password you enter into the "secure" PolKit dialog box can
|
||||
# be seen by the xinput program...)
|
||||
#
|
||||
# joanna.
|
||||
Loading…
Reference in new issue