New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No file manager in Dom0 4.0 rc4 #3536

Closed
JPL1 opened this Issue Feb 4, 2018 · 1 comment

Comments

Projects
None yet
2 participants
@JPL1

JPL1 commented Feb 4, 2018

Qubes OS version:

R4.0 rc4

Am I imagining things or was nautilus installed in dom0 previously? If so has it been removed intentionally?

Edit: actually I think it was Thunar.

@andrewdavidwong

This comment has been minimized.

Show comment
Hide comment
@andrewdavidwong

andrewdavidwong Feb 4, 2018

Member

For security reasons, the file manager in dom0 should never be used:

Dom0 has access to every VM’s data in the form of its private image file, including untrusted (e.g., red-bordered) VMs. If the user were to make a mistake (or be tricked into making one) and thereby inadvertently access untrusted files from dom0, those files could exploit the application which accessed them (e.g., a file manager) and gain control over dom0 and, therefore, the entire system. Even simply displaying the data in a terminal emulator can be dangerous. For example, some file managers (such as the Thunar File Manager, which is pre-installed by default in the Xfce4 version of dom0) list loop devices used by running VMs. When one of these devices is selected in the file manager, the loop device is mounted to dom0, effectively transferring the contents of the home directory of a (by definition less trusted) AppVM to dom0.

https://www.qubes-os.org/doc/security-guidelines/#dom0-precautions
https://groups.google.com/forum/#!msg/qubes-users/_tkjmBa9m9w/9BbKh94PVtcJ

So, it was probably removed intentionally.

Member

andrewdavidwong commented Feb 4, 2018

For security reasons, the file manager in dom0 should never be used:

Dom0 has access to every VM’s data in the form of its private image file, including untrusted (e.g., red-bordered) VMs. If the user were to make a mistake (or be tricked into making one) and thereby inadvertently access untrusted files from dom0, those files could exploit the application which accessed them (e.g., a file manager) and gain control over dom0 and, therefore, the entire system. Even simply displaying the data in a terminal emulator can be dangerous. For example, some file managers (such as the Thunar File Manager, which is pre-installed by default in the Xfce4 version of dom0) list loop devices used by running VMs. When one of these devices is selected in the file manager, the loop device is mounted to dom0, effectively transferring the contents of the home directory of a (by definition less trusted) AppVM to dom0.

https://www.qubes-os.org/doc/security-guidelines/#dom0-precautions
https://groups.google.com/forum/#!msg/qubes-users/_tkjmBa9m9w/9BbKh94PVtcJ

So, it was probably removed intentionally.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment