Document that NetVMs of Windows VMs must be trusted #7688
Labels
C: doc
P: major
Priority: major. Between "default" and "critical" in severity.
security
This issue pertains to the security of Qubes OS.
T: enhancement
Type: enhancement. A new feature that does not yet exist or improvement of existing functionality.
How to file a helpful issue
The problem you're addressing (if any)
Windows VMs use a netfront driver that is not hardened against attacks by a malicious netback driver. Worse, #7687 means that if a Windows VM is running any of a variety of network services, any other Windows VMs based on the same template could attack it easily, needing only the ability to make a network connection to said VM.
The solution you'd like
Document that the NetVM of a Windows VM must be as trusted as the Windows VM itself, and that allowing incoming network connections to any Windows VM other than a StandaloneVM is a terrible idea.
The value to a user, and who that user might be
Users who use Windows VMs will be less likely to expose them to attack.
The text was updated successfully, but these errors were encountered: