Attack surface of templates

ddevz · December 1, 2021, 8:34pm

The templates come with many common applications not installed. I assume this is done “to reduce attack surface”.

So for example some of your application qubes may need to use libreoffice, but not all of them. One option is to add every application you want to use to the template and have every application qube use that template. Another option is to create a seperate “debian-11-with-libreoffice” qube, and have just the application qubes that need libreoffice to use that, while the others use plain “debian-11” template.

As you add the new programs your qubes need, it can fragment the templates with the worst case being “one template per appvm” (I.E. “debian-11-with-libreoffice-and-sshfs-and–python3-psycopg2–for-qube-work07” template used only by appVM “work07”)

Both extremes seem undesirable. Maybe the best is a balance between exposed attack surfaces and disk consumption/template proliferation?

What are peoples thoughts?

fsflover · December 1, 2021, 8:39pm

See also:

necker · December 1, 2021, 8:58pm

Check this out:

adw · December 2, 2021, 12:01am

Another reason is that including a lot of software makes the default templates quite large, which, in turn, makes the Qubes installation ISO very large.

Scumbag · December 2, 2021, 4:33pm

The author says using Flatpak is more secure than tradionally installed software due to all applications being in sandboxes, this is not true, and it is even less secure due to lack of fast security updates:
https://flatkill.org/

brochard · December 2, 2021, 7:02pm

Annnnnd another flatkill link

Sven · December 2, 2021, 11:40pm

@brochard:

Annnnnd another flatkill link

I cannot find a single instance of flatkill being linked or even mentioned in the forum, except this very one. In addition it was only mentioned once in #2766. Not sure what makes you react this way.

brochard · December 2, 2021, 11:57pm

Sorry, not trying to be rude. You’re right it’s not particularly discussed here, but in general, we can’t mention flatpaks anywhere without having someone posting flatkill, getting a bit boring

necker · December 3, 2021, 1:43am

I don’t know what to make of the flatpak criticisms. They seem quite legit… yet flatpak is also being recommended by a knowledgeable Qubes advocate who is sensitive to matters of privacy and security. Is it possible that the vulnerabilities mentioned are less of a concern when using template-based VMs?