qubes.VMShell.policy: extend comment

Marek Marczykowski-Górecki 2014-05-07 15:34:59 +02:00
parent 8fca6e64f0
commit 6ef280b132


@ -7,9 +7,11 @@ $anyvm $dispvm allow
$anyvm $anyvm deny
# WARNING: The qubes.VMShell service is dangerous and there are really few
# cases when it could be safely used. Allowing one VM to execute qubes.VMShell
# over the other VM allows the former to TAKE FULL CONTROL over the later. In
# most cases this is not what we want!
# cases when it could be safely used. Especially when policy set to "ask" you
# have no way to know for sure what command(s) will be called. Compromissed
# source VM can substitute the command. Allowing one VM to execute
# qubes.VMShell over the other VM allows the former to TAKE FULL CONTROL over
# the later. In most cases this is not what we want!
#
# Instead we should be using task-specific qrexec services which provide
# assurance as to what program will be responding to the (untrusted) VM
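Review bot: The sentences added to the WARNING comment have wording problems that blunt the warning. "Compromissed" should be "Compromised", "when policy set to" is missing "the" and "is", and "the later" (carried into the rewrapped lines from the old text) should be "the latter". The sentence starting "Especially when policy set to "ask"" also reads as a fragment, so it is unclear whether it qualifies the "few cases" claim or introduces a separate risk. Suggested wording: In particular, when the policy is set to "ask", you have no way to know for sure what command(s) will be run, because a compromised source VM can substitute the command.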