Comment by fsflover
2 hours ago
>> Apart from the fact that this is extremely rare,
> So are bubblewrap escapes, which is the sandbox flatpak uses.
Not only are they much more frequent, including possibly kernel privilege escalations, not affecting Qubes - the bubblewrap repository itself says that you have to be really careful to stay secure with it, even in the lack of vulnerabilities. This is not what people should seriously rely on. Again, my secrets in vault VM are safe since the introduction of VT-d in Qubes 4.0 in ~2021. There is no comparably secure OS in the world.
I don't understand your unsubstantiated attack on Qubes.
> and being able to obtain information from other VMs defeats much of the point of isolation
It does not. Even if a VM becomes hostile and starts reading the RAM, it will not get any privileges in any other VM. Also, it can be easily cleaned. Also, you can just stop all VMs when performing a secure operation. Tell me how you protect yourself in such a case with Flatpak.
> Not only are they much more frequent, including possibly kernel privilege escalations,
No, that's simply not the case.
> not affecting Qubes,
Maybe, Qubes would still be vulnerable to kernel vulnerabilities even if they didn't allow VM escape - anything in the disposable VM would be at risk.
> the bubblewrap repository itself says that you have to be really careful to stay secure with it, even in the lack of vulnerabilities.
Source? I assume they are referring to misconfigurations.
> There is no comparably secure OS in the world.
You've said before you don't have a lot of security knowledge and it continues to show. Qubes is one specific approach to a problem not suitable for all goals; it's useful for hobbyists who use browsers and such. Anything in the disposable VM is still at risk.
seL4, ASOS and CuBit are all more secure than Qubes. Qubes doesn't offer any more security than having a bunch of different machines to do different tasks on. Not even airgapped. If the machines have a vulnerability, then whatever is on the machine is fair game.
> I don't understand your unsubstantiated attack on Qubes.
There is no attack, I'm just refuting your preposterous zealotry for it. It's fine for what it is, but you make it much more than what it is. The developers of Qubes would absolutely disagree with your claims.
> Even if a VM becomes hostile and starts reading the RAM, it will not get any privileges in any other VM.
That depends entirely on the vulnerability.