Re: Mandatory Access Control

To: Patrick Schleizer <adrelanos@riseup.net>, debian-security@lists.debian.org
Subject: Re: Mandatory Access Control
From: Elmar Stellnberger <estellnb@gmail.com>
Date: Mon, 30 Nov 2015 17:21:55 +0100
Message-id: <[🔎] 565C77A3.6070305@gmail.com>
In-reply-to: <565B687E.3090600@riseup.net>
References: <87610pu5vs.fsf@mid.deneb.enyo.de> <[🔎] CAKkp-KQSMtHRJNUkYAXSDWCfhCHXoez2hDayTZOsnSDx4aESFg@mail.gmail.com> <[🔎] CAKTje6HEbLfkBMu3dj55+BQtEmHr=N819ctHQiTUoS_4hQ6OrQ@mail.gmail.com> <[🔎] CAKkp-KTBvbPLDMMg9yJMatjCRwY1qd=i2eWEA=LDW7KVX+xFNw@mail.gmail.com> <[🔎] 565B3616.70202@riseup.net> <[🔎] 565B5F81.5080305@gmail.com> <565B687E.3090600@riseup.net>

No actually it is not Qubes what I am using.

I am using full blown qemu virtualization including a virtual wrapperdevice for the graphics. It is for sure that even here the weakest pointis the emulation of the graphics card. I have even heard about HTML5code directly bugging your hardware via graphics acceleration (thoughthis is rather theoretical because it would likely need to be customizedto a certain graphics card). Nonetheless the weakness of Qubes is evenmore the GUI dom where all other doms connect to and which has directaccess to the graphics hardware. Unfortunately I could not find anydetails on how it is implemented in deed.Additionally I found it somewhat irritating that the basic descriptionof the Qubes project talks so much about using Windows as a host. Iwould never trust software which is entirely closed source. Please doalso note the following statement found in the intro when considering touse Qubes:

"Sure, a single kernel exploit destroys this all"

If you remember what I have told you about MAC systems then it was thata single public accessible system call which is implemented faulty wouldstill compromise your system. Now consider that all current operatingsystems including Windows, Linux and FreeBSD are huge monoliticconstructs making use of just two privilege levels/ security rings: userand kernel mode. At the introduction of the i386 (which is now stilllong ago) Intel suggested that at least three privilege levels would benecessary to build a secure system: the innermost for memory and processmanagement, a middle ring for device and hardware drivers and theoutermost one for user space programs. According to my knowledge and towhat is public none of the operating system developers have followedthese precautions until today (Xen is a different case as it uses threerings but not in the way as described above; actually it would need tomake use of all four rings provided by the protected mode interface tobe secure in theory - Nonetheless just believe me that things are not astheoretical in practice as this description may make you believe.).


Regards,
Elmar

On 29.11.2015 22:05, Patrick Schleizer wrote:

Elmar Stellnberger:

If you wanna ask me for my security solution it is qemu based and puts
the most vulnerable system components like browsers and email programs
into a virtual machine namely qemu which is maintained by the Open
Source commnunity.


Sounds like Qubes.

Cheers,
Patrick

Reply to:

Follow-Ups:
- Re: Mandatory Access Control
  - From: Patrick Schleizer <adrelanos@riseup.net>

References:
- Re: [SECURITY] [DSA 3405-1] smokeping security update
  - From: Fredrik Kers <fredrik.kers@netrounds.com>
- Re: [SECURITY] [DSA 3405-1] smokeping security update
  - From: Paul Wise <pabs@debian.org>
- Re: [SECURITY] [DSA 3405-1] smokeping security update
  - From: Fredrik Kers <fredrik.kers@netrounds.com>
- Mandatory Access Control
  - From: c4p0 <capo@riseup.net>
- Re: Mandatory Access Control
  - From: Elmar Stellnberger <estellnb@gmail.com>

Prev by Date: Re: Mandatory Access Control
Next by Date: Re: Mandatory Access Control
Previous by thread: Re: Mandatory Access Control
Next by thread: Re: Mandatory Access Control
Index(es):
- Date
- Thread