Dom0 basic linux command security implications

Is it bad practice to make scripts in dom0 that make use of any command available in baseline installation? Of course the qubes specific commands must be trusted, but what about vim, or any combination of find, awk, grep, sed, xargs, or even python3?

Is it a bad idea to make scripts that use lots of commands? Or are these all assumed to be pretty safe activities?

1 Like

The biggest danger is to make a mistake and damage your dom0. All theses commands are certainly used under the hood, so you can consider it’s safe to use them with regard to data ex-filtration.

1 Like

No, it’s a great idea, because some things you have to do from dom0.

The most important thing is that you make Qubes work for you. If writing scripts in dom0 makes Qubes work for you, then you have to do it.

Just double check what you’re doing. Try to avoid obvious mistakes.

2 Likes