[HN Gopher] A unikernel firewall for QubesOS (2016)
___________________________________________________________________

A unikernel firewall for QubesOS (2016)

Author : luu
Score  : 31 points
Date   : 2020-02-17 03:39 UTC (19 hours ago)

(HTM) web link (roscidus.com)
(TXT) w3m dump (roscidus.com)

| 0xff00ffee wrote:
| I'm confused by this:
|
| "In Qubes, NetVM acts as netback to FirewallVM, which acts as a
| netback in turn to its clients. But in Qubes, NetVM is supposed
| to be untrusted! So, we have code running in kernel mode in the
| (trusted) FirewallVM that is talking to and trusting the
| (untrusted) NetVM!"
|
| Is this true?

| tenebrisalietum wrote:
| FirewallVM is probably "in front of" the untrusted NetVM.
|
| > we have code running in kernel mode
|
| It's 2020. You have to understand there are 3 levels now -
| hypervisor, kernel, user, not two anymore. You don't
| necessarily own the system unless you are on hypervisor level.
| If you only do one thing in a VM, and don't rely too much on OS
| primitives like users, etc. to do it (as you may not in a pure
| networking situation like routing, etc.), you can flatten
| kernel+user and increase performance and not sacrifice
| security.
|
| That being said I should read this article and will do so.

| [deleted]

| blattimwind wrote:
| The real oops is that the boundary they are using as a trust
| boundary is not considered a trust boundary by its
| developers. Plainly,
|
| > the netback driver runs in dom0 and is fully trusted. It is
| coded to protect itself against misbehaving client VMs.
| Netfront, by contrast, assumes that netback is trustworthy.
| The Xen developers only consider bugs in netback to be
| security critical.
|
| > What can an attacker do once they've exploited FirewallVM's
| trusting netfront driver? Presumably they now have complete
| control of FirewallVM. At this point, they can simply reuse
| the same exploit to take control of the client VMs, which are
| running the same trusting netfront code!

| alpn wrote:
| 2016

| talex5 wrote:
| Indeed. The project has since moved under the mirage org on
| GitHub, and now has several contributors:
|
| https://github.com/mirage/qubes-mirage-firewall
___________________________________________________________________
(page generated 2020-02-17 23:01 UTC)