So building upon my previous post about “having a password” to open/run appvm or template. How about this as well…
Say you want to move,copy a file,folder,whatever…etc from one qubes to another. From lets say “personal to work” or where ever. Before you can do move,copy you get a password prompt asking for password to allow such transaction to take place? If you don’t have right password the move,copy file,folder or whatever is… haulted…
Adjusted the title to say what the post is about. This makes it easiler for others to know if there’s value to them in the tread before clicking.
Do keep in mind that Qubes actively remove password prompts (see Minimal templates | Qubes OS) not sure if this would add any real security. Having dom0 ask you that is probably all the real security you need.
You can learn how to have a dom0 prompt for ceratin actions by learning about Qrexec Policy Administration:
Thanks, ill check this out…
So you assume you are not the admin on your computer, right? See here: Frequently asked questions (FAQ) | Qubes OS.
No, I think you guys are missing what i am saying…
IF while on the internet somehow your QubesOS is attacked and this attacker gets inside and wants to copy or move (files,folders) from your system to theirs, you would get a password propmt popup asking for the passwors to allow such things to happen. If password isn’t right then (copy,move) would not happen. I am not talking about a “multi-user” enviroment…
You mean dom0 is compromised? In this case, the attacker can easily switch off the password prompt and nothing will help you. If a single VM is compromised but dom0 isn’t, you will get a prompt without a password and will know about the problem.
Or is something different on your mind?
@fsflover Yes exactly…
If a single VM is compromised but dom0 isn’t, you will get a prompt without a password and will know about the problem.
But could the “prompt without a password” have a password to allow the (copy,move) files,folders? And if the passwords don’t match then the (allow the (copy,move)) does not happen…
What are you defending against by asking for that password? Against yourself?
No, if VM,domain information such as allow the (copy,move) files and folders to happen. I had this happen on one of my windows systems and this person got a alot of stuff. While i was on the internet and in fact they changed documents and excel files.
I know becasue of my backups of these documents, xls files. When looking over and compairing them and digging deeper the time/date modify. I knew someone changed them
You are probably missing that the prompt you are getting comes from dom0, not from the VM. If dom0 is not compromised, the file transfer only happens with your permit, even without the password.
Yeah, i am. Point taken. I over looked that
As @fsflover has explained, the password you’re proposing would add nothing. The existing prompt is unspoofable because it’s in dom0. If dom0 is compromised, it’s already game over. If you’re worried about accidentally clicking “Yes” on a prompt, or if you know that there are certain things you never want to happen, then consider using RPC policies to enforce your own desired behavior.