Groups | Search | Server Info | Keyboard shortcuts | Login | Register
| Path | csiph.com!usenet.blueworldhosting.com!feeder01.blueworldhosting.com!news.glorb.com!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Samuel Thibault <samuel.thibault@gnu.org> |
| Newsgroups | gnu.hurd.help |
| Subject | Re: Combining Hurd and Qubes OS for security reasons? Possible? |
| Date | Sun, 20 Dec 2015 22:47:02 +0100 |
| Lines | 32 |
| Approved | help-hurd@gnu.org |
| Message-ID | <mailman.264.1450648031.843.help-hurd@gnu.org> (permalink) |
| References | <CAB=Lj3T9dABDCnfiPFmui45WdZSVvpGs6rMX=PBVR6O94Es-Ug@mail.gmail.com> <20151219222843.GQ4287@var.home> <CAB=Lj3To1em5vDei-=g48fp398m75LRraXZ47tgzvzFr=oUR7Q@mail.gmail.com> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=us-ascii |
| X-Trace | usenet.stanford.edu 1450648031 28489 208.118.235.17 (20 Dec 2015 21:47:11 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | help-hurd@gnu.org |
| To | David Renz <sun.kisses.horizon@gmail.com> |
| Envelope-to | help-hurd@gnu.org |
| Content-Disposition | inline |
| In-Reply-To | <CAB=Lj3To1em5vDei-=g48fp398m75LRraXZ47tgzvzFr=oUR7Q@mail.gmail.com> |
| User-Agent | Mutt/1.5.21+34 (58baf7c9f32f) (2010-12-30) |
| X-detected-operating-system | by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] |
| X-Received-From | 140.77.166.138 |
| X-BeenThere | help-hurd@gnu.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | Users list for the GNU Hurd <help-hurd.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/help-hurd>, <mailto:help-hurd-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/help-hurd> |
| List-Post | <mailto:help-hurd@gnu.org> |
| List-Help | <mailto:help-hurd-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/help-hurd>, <mailto:help-hurd-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.hurd.help:355 |
Show key headers only | View raw
David Renz, on Sun 20 Dec 2015 22:40:03 +0100, wrote: > 1) I have seen ACPI code in 'real life' which is able to modify Windows, Linux > and BSD systems on the same computer (probably code stored in the DSDT table). > So even if Hurd would use ACPI only e. g. for shutting down the computer: Could > the according function call used for shutting down the computer lead to other > ACPI code being executed? I would guess that this might be possible. I don't know. See the code in ./i386/i386at/acpihalt.c. That looks like a small interpreter. I don't know what it's able to do. > 2) If booting Hurd or Linux with the "acpi=off" boot parameter, would this rule > out the possibility that (malicious) ACPI code might get executed? In the Mach case, yes, because we'd then not use ACPI at all. I guess it's the same with Linux. > > > Wouldn't it potentially increase one's security by many times, if one would > be > > > able to let (e. g.) Debian Hurd as a template VM on top of a Qubes OS > system? > > > > Well, that'll replace the GNU Mach ACPI implementation with the Xen > > implementation, i.e. trading one security surface by another. Since the > > Xen one is well-tested, that can be a good trade :) > > Wouldn't a Qubes OS Hurd template be very much like running on a (perhaps more > secure) VM? I can only guess so, I don't know what Qubes provides beyond Xen. Samuel
Back to gnu.hurd.help | Previous | Next | Find similar
Re: Combining Hurd and Qubes OS for security reasons? Possible? Samuel Thibault <samuel.thibault@gnu.org> - 2015-12-20 22:47 +0100
csiph-web