Updates installation ( gpk-update-viewer).NetworkManager configuration from normal user ( nm-applet). # with root password you enter into the "secure" PolKit dialog box canīelow is a complete list of configuration made according to the above statement, with (not necessary complete) list of mechanisms depending on each of them: gpk-update-viewer - observe how all the keystrokes # user, then open some app that uses PolKit and asks for root # simple experiment: start 'xinput test' in one xterm, running as # piece of software called PolKit uses own set of policies. # Currently this still doesn't work as expected, because some idotic # is simply convenient for users, especially for update installation. # At the same time allowing for easy user-to-root escalation in a VM # escalation in VM (which as we know from history of UNIX/Linux # highly unlikely if that person couldn't also found a user-to-root # exploitable bugs in the Xen hypervisor from a VM - then it would be # hypervisor - as of 2016, there have been only three publicly disclosed # Because, really, if somebody could find and exploit a bug in the Xen # and for sure, root/user isolation is not a mitigating factor. # gonna BS our users that there are mitigating factors in that case, # that the attacker needed root in VM!" We're not M$, and we're not # really is no comforting that: "oh, but the mitigating factor was In such situation (if there was such a bug in Xen) there # requiring user, root, or even kernel access in the VM, would be # Dom0 that could be exploited by a malicious VM, no matter whether # That's true, but mere existence of such a bug in the hypervisor or # attacks) most likely would require root access in the VM to trigger # hypervisor or the few daemons/backends in Dom0 (so VM escape # One might argue that some hypothetical attacks against the # filesystem modifications are lost upon each start of a VM). # in trying to install some persistent rootkits, as the VM's root # the attacker if she could escalate to root (there is even no benefit # accessible from the user account, so there is no direct benefit for This is because all the user data is already # In Qubes VMs there is no point in isolating the root account from
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |