On 2/12/20 7:27 AM, Claudia wrote:
I'm not sure if you'll agree, but my conclusion from this experiment is
that the Qubes Team have some work to do in hardening Qubes? Like you
say, "I see that you have many services that need not be there"; so my
question is, why are they present in a vanilla version of Qubes?
My impression of the official Qubes developers' stance on this is "security by
isolation," i.e. Xen is the only component they actually consider secure. This is
the rationale for passwordless sudo for example. In practice, I can agree, it's difficult
enough to develop and maintain an OS as sophisticated as Qubes in the first place, let
alone if they had to also harden guest OSes at various levels. In principle, I say fair
enough, I suppose it's not really Qubes' concern what goes on within VMs. Qubes just
polices the border.
It does present an interesting angle for hardening (there *always* is
another one, isn't there?).
You might be interested in Chris's Qubes hardening tools, however I don't know if
it uses the systemd security features at all so it may not improve systemd's
report.
Qubes-VM-hardening probably wouldn't improve the report. The former is
mainly about restoring the guest's normal permissions-based security,
and helping ensure the startup state is uncompromised.
The analysis appears to be a measurement of a service's level of
sandboxing, according to the man page. It seems to look for
capabilities management of some kind(s). An example it gives is that a
service with the ability to mount/unmount volumes may be labeled UNSAFE.
This would imply that most of a system's services will never attain an
OK rating. So I think we're looking at another one of systemd's immature
pilots. It may even be a tool for scaring gratis CentOS/Fedora users
into purchasing RHEL (yes, my usual uncharitable assessment of Red Hat),
since systemd originates from Fedora/RHEL.
When I see stuff like this, I also ask whether the authors make any
distinctions about things like 'guardian' components... Does a
crypto-based verification tool or something doing little more than toss
data blocks from one port to another deserve the same steep (even
hyperbolic) grade scale that, say, CUPS or something even more complex
and less security-minded gets?
--
Chris Laprise, [email protected]
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886