Thank you for the reply!

On 04/17/10 10:50, Javier J. Martínez Cabezón wrote:
> I didn't implement it but I would like to say something about this
> interesting question.
>
> To my knowledge Qubes only gets you isolation and nothing more. It
> creates "domains" (that is nothing more than a named Xen guest VM for
> one special use like "shopping virtual machine"). It does not make
> anything new at the moment.
>
> In my opinion it gives only a high overhead to the system since each
> VM gets (if I'm not wrong) 400 Mb of RAM.
>
> The same isolation you get without this overhead using grsecurity's
> chroot, rsbac_jail etc and if you want to sleep better in the night
> you have to only create one separate user like a shopping user
> isolating it with MAC.

Yep...... this is what I'm doing now; lots of little unprivileged users executing GRS chroot jails. In many cases (e.g. browser, snort, etc) I load the jail into RamDisk first, so that if something is quietly changed - other than bookmarks - it is not retained. Bookmarks are saved before shutting down the RamDisk jail.

> Second, I would like to know how does make the communication between
> the guest VM application and the host system, I suppose that with
> xnest or displaying in the required IP, I don't know. Xorg is a high
> risky software when using in a network environment approach. So
> isolation could be broken from here.

Think she would agree with you about Xorg; I'm a newbie; but FWICT they've created some new software - including a secure means of managing and communicating between VMs:

"..We have designed the GUI virtualization subsystem with two primary goals: security and performance. Our GUI infrastructure introduces only about 2,500 lines of C code (LOC) into the privileged domain (Dom0), which is very little, and thus leaves not much space for bugs and potential attacks. At the same time, due to smart use of Xen shared memory our GUI implementation is very efficient, so most virtualized applications really feel like if they were executed natively..."

> Hardened gentoo (I believe) supports VM's like Virtual Box, User Mode
> Linux, Xen and a lot more you could try to install them and make an
> installation in one of them (I make use of VM's to virtual servers).
> This is what Qubes do.

Guess my goal is putting the most vulnerable process on my desktop - my browser - into a VM that can cruise with JS, Java, etc. all active, without any chance of some zero-day browser issue.

I was going to use KVM, but it looks like KVM will not soon have access to the GPU, whereas the latest Xen can do that.

As far as communications between VMs, my plan was/is to use SSH or NX over Virtual Ethernet; each VM properly firewalled. This works well; but Rutkowska's GUI sounds interesting, and less complex.

I'm -guessing- one could use hardened-Gentoo as the core, and compile Qubes SRPMs to implement her software. Figured someone might have done it already.

Thanks again for your thoughts!!