[qubes-users] The safest way to search in files on an external hard drive

Dear Qubes community,

I am looking for a really secure way to use Qubes for searching not only a hard drive for file names, but for text that is in files.

The goal is to avoid an exploit in the searched files leading to a takeover of the hard drive by malware.

The total size of all my files is too large for me to put them all in one qube before searching for text in them.

Would it perhaps be possible to mount only a single partition of the hard drive into a qube, but not with write permissions, only read permissions?

I would do the search on command line, using "grep" for plain text files, "pdfgrep" for PDFs, and something for table files, databases, etc.

Is my idea feasible? And how secure would it be?

Best regards
Michael Singer

Michael Singer:

> I am looking for a really secure way to use Qubes for searching not
> only a hard drive for file names, but for text that is in files.
>
> The goal is to avoid an exploit in the searched files leading to a
> takeover of the hard drive by malware.
>
> The total size of all my files is too large for me to put them all
> in one qube before searching for text in them.
>
> Would it perhaps be possible to mount only a single partition of the
> hard drive into a qube, but not with write permissions, only read
> permissions?

Yes, e.g. like this:

$ qvm-block attach --ro destinationvm sys-usb:sda1

Then you can decrypt and mount the read-only /dev/xvdi in the
destination VM.

> I would do the search on command line, using "grep" for plain text
> files, "pdfgrep" for PDFs, and something for table files, databases,
> etc.
>
> Is my idea feasible? And how secure would it be?

Sounds fine to me. But malicious content could still exploit the
destination VM, so consider attaching to a DisposableVM (after
switching off its networking).

If your partition is LUKS1[1] encrypted, Split dm-crypt[2] might be
convenient. Its default behavior is to attach the decrypted partition
to an offline DisposableVM:

$ qvm-block-split attach --ro sys-usb:sda1

[1] TODO: LUKS2 support
[2] GitHub - rustybird/qubes-split-dm-crypt: Isolate secondary storage dm-crypt and LUKS1 header processing to Qubes DisposableVMs

Rusty

> Dear Qubes community,
>
> I am looking for a really secure way to use Qubes for searching not only a hard drive for file names, but for text that is in files.
>
> The goal is to avoid an exploit in the searched files leading to a takeover of the hard drive by malware.

If your app is working on the disk device and the app only has read access to it, it'll be quite unlikely that the disk device will be changed.
Likewise if you mount the filesystem read-only, and the user running the app is unable to re-mount, it's also quite unlikely that the disk will be changed. You could even try to combine both methods (read-only mount a read-only block device). However not all filesystems work on a write-protected block device.
You could also try to find a hardware solution setting the drive read-only.

A variant: mount it RO in AppVM1, then attach it to AppVM2 (which by no
means can "remount -rw" it unless inter-VM barriers are breached (and
then the game is over anyways)).
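
The replies above recommend a read-only block device combined with a read-only mount, searched with grep and pdfgrep. A small wrapper run inside the destination qube can refuse to search unless both layers really are read-only. This is an added example, not part of any post in the thread; the function names, the SYSFS/MOUNTS overrides and the /mnt/disk mount point are assumptions for illustration, and mount points are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: run inside the destination qube after the --ro attach.
# SYSFS and MOUNTS are overridable (an assumption) so the checks can be tried offline.
SYSFS="${SYSFS:-/sys/block}"
MOUNTS="${MOUNTS:-/proc/mounts}"

# True only if the kernel reports the block device (e.g. xvdi) as write-protected.
dev_is_ro() {
    [ "$(cat "$SYSFS/$1/ro" 2>/dev/null)" = "1" ]
}

# True only if the last mount-table entry for mount point $1 has the "ro" option.
mount_is_ro() {
    awk -v mp="$1" '$2 == mp { opts = $4 }
        END { n = split(opts, o, ",")
              for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
              exit 1 }' "$MOUNTS"
}

# Print the files under $2 that contain the fixed string $1.
# Non-PDF files go to grep (-I skips binaries); PDFs go to pdfgrep if installed.
search_tree() {
    pattern=$1; root=$2
    find "$root" -xdev -type f ! -iname '*.pdf' \
        -exec grep -lIF -e "$pattern" -- {} + 2>/dev/null || true
    if command -v pdfgrep >/dev/null 2>&1; then
        find "$root" -xdev -type f -iname '*.pdf' \
            -exec pdfgrep -l -F -- "$pattern" {} + 2>/dev/null || true
    fi
}

# Refuse to search unless both layers are read-only: device (2) and mount (3).
safe_search() {
    dev=$1; mp=$2; pattern=$3
    dev_is_ro "$dev"  || { echo "refusing: /dev/$dev is writable" >&2; return 2; }
    mount_is_ro "$mp" || { echo "refusing: $mp is not mounted read-only" >&2; return 3; }
    search_tree "$pattern" "$mp"
}

# Usage inside the qube (hypothetical mount point): safe_search xvdi /mnt/disk 'search term'
```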