← Back to context

Comment by JCattheATM

1 day ago

> Apart from the fact that this is extremely rare,

So are bubblewrap escapes, which is the sandbox flatpak uses.

> the first vulnerability is not a complete escape.

It could potentially lead to one, and being able to obtain information from other VMs defeats much of the point of isolation, and so defeats much of the point of why people use qubes.

> For example, any offline vault VM storing secrets stayed secure. This is just not happening with any other security approach.

That's not true. Strong MAC would suffice, no VT-d needed.

> Speculative sidechannel attacks have nothing to do with OS or compartmentalization technology

Of course they do, in fact they have more to do with it than solutions like flatpak, which is why Qubes releases security advisories and patches to address those vulnerabilities.

0 comments

JCattheATM

Reply