| 1 |
Thank you for the reply! |
| 2 |
|
| 3 |
On 04/17/10 10:50, Javier J. Martínez Cabezón wrote: |
| 4 |
> I didn't implement it but i would like to say something about this |
| 5 |
> interesting question. |
| 6 |
> |
| 7 |
> Until my knowledge qubes only gets you isolation and nothing more. It |
| 8 |
> creates "domains" (that is nothing more than a named xen guest VM to |
| 9 |
> one special use like "shopping virtual machine"). It does not make |
| 10 |
> nothing new at the moment. |
| 11 |
> |
| 12 |
> In my opinion it gives only a high overhead to the system since each |
| 13 |
> VM gets (if I'm not wrong) 400 Mb of RAM. |
| 14 |
> |
| 15 |
> The same isolation you get without this overhead using grsecurity's |
| 16 |
> chroot, rsbac_jail etc and if you want to sleep better in the night |
| 17 |
> you have to only create one separate user like a shopping user |
| 18 |
> isolating it with MAC. |
| 19 |
|
| 20 |
Yep...... this is what I'm doing now; lots of little unprivileged users |
| 21 |
executing GRS chroot jails. In many cases (e.g. browser, snort, etc) I |
| 22 |
load the jail into RamDisk first, so that if something is quietly changed - |
| 23 |
other than bookmarks - it is not retained. Bookmarks are saved before |
| 24 |
shutting down the RamDisk jail. |
| 25 |
|
| 26 |
|
| 27 |
> |
| 28 |
> Second, I would like to know how does make the communication between |
| 29 |
> the guest VM application and the host system, I suppose that with |
| 30 |
> xnest or displaying in the required IP, I don't know. Xorg is a high |
| 31 |
> risky software when using in a network environment approach. So |
| 32 |
> isolation could be broken from here. |
| 33 |
|
| 34 |
Think she would agree with you about Xorg; |
| 35 |
|
| 36 |
I'm a newbie; but FWICT they've created some new software - including a |
| 37 |
secure means of managing and communicating between VMs: |
| 38 |
|
| 39 |
"..We have designed the GUI virtualization subsystem with two primary |
| 40 |
goals: security and performance. Our GUI infrastructure introduces only |
| 41 |
about 2,500 lines of C code (LOC) into the privileged domain (Dom0), |
| 42 |
which is very little, and thus leaves not much space for bugs and |
| 43 |
potential attacks. At the same time, due to smart use of Xen shared |
| 44 |
memory our GUI implementation is very efficient, so most virtualized |
| 45 |
applications really feel like if they were executed natively..." |
| 46 |
|
| 47 |
|
| 48 |
> Hardened gentoo (I believe) supports VM's like Virtual Box, User Mode |
| 49 |
> Linux, Xen and a lot of more you could try to install them and make a |
| 50 |
> installation in one of them (I make use of VM's to virtual servers). |
| 51 |
> This is what qubes do. |
| 52 |
|
| 53 |
Guess my goal is putting the most vulnerable process on my desktop - my |
| 54 |
browser - into a VM that can cruise with JS, Java, etc. all active, |
| 55 |
without any chance of some zero-day browser issue. I was going to use |
| 56 |
KVM, but it looks like KVM will not soon have access to the GPU, whereas |
| 57 |
the latest Xen can do that. |
| 58 |
|
| 59 |
As far as communications between VMs, my plan was/is to use SSH or NX |
| 60 |
over Virtual Ethernet; each VM properly firewalled. This works well; but |
| 61 |
Rutkowska's GUI sounds interesting, and less complex. |
| 62 |
|
| 63 |
I'm -guessing- one could use hardened-Gentoo as the core, and compile |
| 64 |
Qubes SRPMs to implement her software. Figured someone might have done |
| 65 |
it already. |
| 66 |
|
| 67 |
Thanks again for your thoughts!! |
Archives