On 2/12/20 7:27 AM, Claudia wrote:
I'm not sure if you'll agree, but my conclusion from this experiment is
that the Qubes Team have some work to do in hardening Qubes? Like you
say, "I see that you have many services that need not be there"; so my
question is, why are they present in a vanilla version of Qubes?


My impression of the official Qubes developers' stance on this is "security by 
isolation," i.e. Xen is the only component they actually consider secure. This is 
the rationale for passwordless sudo for example. In practice, I can agree, it's difficult 
enough to develop and maintain an OS as sophisticated as Qubes in the first place, let 
alone if they had to also harden guest OSes at various levels. In principle, I say fair 
enough, I suppose it's not really Qubes' concern what goes on within VMs. Qubes just 
polices the border.

It does present an interesting angle for hardening (there *always* is another one, isn't there?).

You might be interested in Chris's Qubes hardening tools; however, I don't know if 
it uses the systemd security features at all, so it may not improve systemd's 
report.

Qubes-VM-hardening probably wouldn't improve the report. The former is mainly about restoring the guest's normal permissions-based security, and helping ensure the startup state is uncompromised.

The analysis appears to be a measurement of a service's level of sandboxing, according to the man page. It seems to look for capabilities management of some kind(s). An example it gives is that a service with the ability to mount/unmount volumes may be labeled UNSAFE. This would imply that most of a system's services will never attain an OK rating. So I think we're looking at another one of systemd's immature pilots. It may even be a tool for scaring gratis CentOS/Fedora users into purchasing RHEL (yes, my usual uncharitable assessment of Red Hat), since systemd originates from Fedora/RHEL.

When I see stuff like this, I also ask whether the authors make any distinctions about things like 'guardian' components... Does a crypto-based verification tool or something doing little more than toss data blocks from one port to another deserve the same steep (even hyperbolic) grade scale that, say, CUPS or something even more complex and less security-minded gets?

--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886
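As an added example, not taken from this thread or from the Qubes project, here is a systemd drop-in setting the sandboxing directives that this kind of per-service analysis scores (the report is produced by `systemd-analyze security <unit>`); the unit name `example.service` is a placeholder, and a real service still has to be tested after its capabilities and system calls are removed.

```ini
# /etc/systemd/system/example.service.d/hardening.conf  (hypothetical unit name)
# Drop-in that overrides the service's sandboxing settings. Each directive
# here corresponds to a check the per-service exposure report evaluates.
[Service]
# Empty the capability bounding set: this removes CAP_SYS_ADMIN, which is
# what allows mounting/unmounting volumes, together with every other capability.
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=yes
# Run as a transient unprivileged user rather than root.
DynamicUser=yes
# Read-only view of the OS, no home directories, private /tmp and /dev.
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
# Deny writing kernel tunables, loading modules, reading kernel logs,
# changing cgroups, the clock or the hostname.
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectClock=yes
ProtectHostname=yes
# Hide other processes' entries under /proc.
ProtectProc=invisible
ProcSubset=pid
# Limit namespaces, socket families and the reachable system call surface.
RestrictNamespaces=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallArchitectures=native
# Allow the generic service set, then subtract the privileged groups from it.
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
UMask=0077
```

After `systemctl daemon-reload`, rerunning the report on the unit shows which remaining findings are inherent to what the service does and which are just defaults that were never tightened.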
