From d5e06bfb8387ed2cc06041d18ed8e5e3a55cc765 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
Date: Thu, 2 Jun 2016 02:45:26 +0200
Subject: [PATCH] qvm-usb: issue detach call to backend domain Make sure that even compromised frontend will be cut of (possibly sensitive - like a webcam) device. On the other hand, if backend domain is already compromised, it may already compromise frontend domain too, so none of them would be better to call detach to. QubesOS/qubes-issues#531
---
 core/qubesutils.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/core/qubesutils.py b/core/qubesutils.py
index 27455bca..494ca7d4 100644
--- a/core/qubesutils.py
+++ b/core/qubesutils.py
@@ -645,9 +645,10 @@ def usb_detach(qvmc, vm, device):
 "Device {} not connected to VM {}".format(
 device['name'], vm.name))
- p = vm.run_service('qubes.USBDetach', passio_popen=True, user='root')
+ p = device['vm'].run_service('qubes.USBDetach', passio_popen=True,
+ user='root')
 (stdout, stderr) = p.communicate(
- '{} {}\n'.format(device['vm'].name, device['device']))
+ '{}\n'.format(device['device']))
 if p.returncode != 0:
 # TODO: sanitize and include stdout
 raise QubesException('Device detach failed')
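Review bot: The reason the detach call now goes to `device['vm']` instead of `vm` is recorded only in the commit message, so a later reader could take it for a mix-up and route the call back to the frontend. A comment above the `run_service` call would pin the intent, e.g. `# Ask the backend (device['vm']) to detach, so that a compromised frontend cannot keep the device.` The stdin payload also shrinks from `'{} {}\n'` to `'{}\n'`, which presumably requires the backend's `qubes.USBDetach` handler to accept the one-field form; that handler is not part of this diff, so it is worth confirming both sides ship together. Success is still judged only by `p.returncode` from the backend, and `usb_detach` begins above the hunk.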