Thank you for the reply!

On 04/17/10 10:50, Javier J. Martínez Cabezón wrote:
> I didn't implement it but I would like to say something about this
> interesting question.
>
> Until my knowledge qubes only gets you isolation and nothing more. It
> creates "domains" (that is nothing more than a named xen guest VM to
> one special use like "shopping virtual machine"). It does not make
> nothing new at the moment.
>
> In my opinion it gives only a high overhead to the system since each
> VM gets (if I'm not wrong) 400 Mb of RAM.
>
> The same isolation you get without this overhead using grsecurity's
> chroot, rsbac_jail etc and if you want to sleep better in the night
> you have to only create one separate user like a shopping user
> isolating it with MAC.

Yep...... this is what I'm doing now; lots of little unprivileged users
executing GRS chroot jails. In many cases (e.g. browser, snort, etc) I
load the jail into RamDisk first, so that if something is quietly changed -
other than bookmarks - it is not retained. Bookmarks are saved before
shutting down the RamDisk jail.

>
> Second, I would like to know how does make the communication between
> the guest VM application and the host system, I suppose that with
> xnest or displaying in the required IP, I don't know. Xorg is a high
> risky software when using in a network environment approach. So
> isolation could be broken from here.

Think she would agree with you about Xorg;

I'm a newbie; but FWICT they've created some new software - including a
secure means of managing and communicating between VMs:

"..We have designed the GUI virtualization subsystem with two primary
goals: security and performance. Our GUI infrastructure introduces only
about 2,500 lines of C code (LOC) into the privileged domain (Dom0),
which is very little, and thus leaves not much space for bugs and
potential attacks. At the same time, due to smart use of Xen shared
memory our GUI implementation is very efficient, so most virtualized
applications really feel like if they were executed natively..."

> Hardened gentoo (I believe) supports VM's like Virtual Box, User Mode
> Linux, Xen and a lot of more you could try to install them and make an
> installation in one of them (I make use of VM's to virtual servers).
> This is what qubes do.

Guess my goal is putting the most vulnerable process on my desktop - my
browser - into a VM that can cruise with JS, Java, etc. all active,
without any chance of some zero-day browser issue. I was going to use
KVM, but it looks like KVM will not soon have access to the GPU, whereas
the latest Xen can do that.

As far as communications between VMs, my plan was/is to use SSH or NX
over Virtual Ethernet; each VM properly firewalled. This works well; but
Rutkowska's GUI sounds interesting, and less complex.

I'm -guessing- one could use hardened-Gentoo as the core, and compile
Qubes SRPMs to implement her software. Figured someone might have done
it already.

Thanks again for your thoughts!!