The Arch package management system, Pacman, relies on a secret,
per-machine master key readable only by root. This is used to sign
the other Arch root signing keys. Anyone with access to the secret
part of the master key can present packages that Pacman will trust,
and thus execute arbitrary code as root.
In typical use, this is fine, since the master key is securely
generated and only readable by root. This is normally sufficient to
prevent the secret part of the key from being accessed by unauthorized
parties. However, in QubesOS, this is not sufficient. The master
key is stored on the root volume, so it is accessible to all AppVMs
based on the TemplateVM. Anyone who compromises one of these AppVMs
can dump the secret master key. If they can then perform an on-path
attack on the update process, this allows them to execute arbitrary
code on the TemplateVM.
To fix this vulnerability, it is necessary to ensure that the master
signing key is securely deleted after it has been generated. This can
be accomplished by placing /etc/pacman.d/gnupg/private-keys-v1.d on
a tmpfs, both while building and running the template. Pacman will
produce warnings about not being able to sign the master key, but
these are not fatal.