/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DispVM should be non-networked by default, or have a clear option to users to do so #1121

Open
mfc opened this Issue Aug 15, 2015 · 3 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 4.1
4 participants
@mfc @unman @marmarek @andrewdavidwong
@mfc
Member

mfc commented Aug 15, 2015

DispVMs are meant to be used to open untrusted files. However if that file can exfiltrate information (such as the fact it was opened), that can be seen as a security failure in some use cases.

DispVMs should be non-networked by default, and/or there should an option change this default if desired.

@mfc mfc referenced this issue Aug 15, 2015

Closed

edits in DispVM are saved, counter to user expectations #1118

@unman

This comment has been minimized.

Show comment
Hide comment
@unman

unman Aug 16, 2015

Member

Look at #862 for the rationale for the current position.
There is already an option to change the default in R3. Look in qubes manager on advanced tab for a VM, or use qvm-prefs.
Member

unman commented Aug 16, 2015

Look at #862 for the rationale for the current position.
There is already an option to change the default in R3. Look in qubes manager on advanced tab for a VM, or use qvm-prefs.
@mfc

This comment has been minimized.

Show comment
Hide comment
@mfc

mfc Aug 26, 2015

Member

ah I hadn't seen that option in Qubes manager Advanced tab, I was looking in global settings.

I feel like the use-cases for inherited-network DispVMs are fewer (...printing?) than the use-cases for no-network DispVMs (opening untrusted files), so I would still submit to that being the default, with users being able to change it in the particular VM's settings as desired.
Member

mfc commented Aug 26, 2015

ah I hadn't seen that option in Qubes manager Advanced tab, I was looking in global settings.

I feel like the use-cases for inherited-network DispVMs are fewer (...printing?) than the use-cases for no-network DispVMs (opening untrusted files), so I would still submit to that being the default, with users being able to change it in the particular VM's settings as desired.
@marmarek

This comment has been minimized.

Show comment
Hide comment
@marmarek

marmarek Aug 26, 2015

Member

One note - this shouldn't affect starting web browser in DispVM (from KDE/Xfce menu), of course.
Member

marmarek commented Aug 26, 2015

One note - this shouldn't affect starting web browser in DispVM (from KDE/Xfce menu), of course.

@marmarek marmarek added enhancement C: core P: major labels Sep 1, 2015

@marmarek marmarek added this to the Release 3.1 milestone Sep 1, 2015

@marmarek marmarek modified the milestones: Release 3.2, Release 3.1 Feb 8, 2016

@adrelanos adrelanos referenced this issue May 12, 2016

Open

Options to set `dispvm_netvm` to 'none' for all VMs and as default #1988

andrewdavidwong added a commit that referenced this issue May 31, 2016

@andrewdavidwong
Track #1121
Verified
This commit was signed with a verified signature.
@andrewdavidwong andrewdavidwong Andrew David Wong
GPG key ID: DB4DD3BC39503030 Learn about signing commits
64e79bb

@marmarek marmarek modified the milestones: Release 3.2, Release 4.0 Aug 5, 2016

@andrewdavidwong andrewdavidwong modified the milestones: Release 4.0, Release 4.1 Mar 31, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment