From c09909c7022f17b578cd9a102639a4bdb87325e6 Mon Sep 17 00:00:00 2001
From: Demi Marie Obenour
Date: Thu, 17 Dec 2020 23:07:12 -0500
Subject: [PATCH] =?UTF-8?q?Don=E2=80=99t=20assume=20dom0=20will=20never=20?= =?UTF-8?q?have=20a=20network=20connection?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In test setups, this actually happens!
---
 network/vif-route-qubes | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/network/vif-route-qubes b/network/vif-route-qubes
index 51bf47e..1c3a854 100755
--- a/network/vif-route-qubes
+++ b/network/vif-route-qubes
@@ -88,8 +88,16 @@ fi
 readonly max_domid=32752
-# if domid is 0 something is seriously wrong, so don’t check for that case
-if ! [[ $vif =~ ^vif([1-9][0-9]{,4})\.(0|[1-9][0-9]*)$ ]]; then
+# This comment used to say, “if domid is 0 something is seriously wrong, so
+# don’t check for that case”. Indeed, dom0 should never have an Ethernet
+# connection in a production QubesOS system.
+#
+# However, giving dom0 an Ethernet connection can be extremely useful in
+# insecure test environments, where there is simply no data worth compromising.
+# In fact, some test setups, including OpenQA, actually do this. Therefore, we
+# now handle this case correctly, even though it is by definition a security
+# risk.
+if ! [[ $vif =~ ^vif(0|[1-9][0-9]{,4})\.(0|[1-9][0-9]*)$ ]]; then
 printf 'Bad interface name %q\n' "$vif">&2
 exit 1
 fi
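Review bot: The widened pattern `^vif(0|[1-9][0-9]{,4})…` accepts a dom0 interface unconditionally, so a production system now takes the same path as a test setup, even though the new comment itself calls this a security risk. Nothing visible here lets the script tell the two apart, so I would at least make the event observable by logging it right after the name check, e.g. `if [[ ${BASH_REMATCH[1]} == 0 ]]; then printf 'Warning: %q is attached to dom0\n' "$vif" >&2; fi`. The code that consumes the captured domid lies outside the hunk, so whether the later steps (presumably the `max_domid` comparison and address setup) behave sensibly for 0 should be confirmed there. Separately, `{,4}` depends on the regex library treating an omitted lower bound as 0; `{0,4}` says the same thing portably.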