The essence of my question is related to the fact that the vulnerable software is precisely the software I must rely on to patch the vulnerability. This makes me worried that there is a window of opportunity to attack the update process, before the patch has been applied.
I guess the simplest way to clarify my question is this: suppose that nothing in the Qubes system is compromised at the moment. Is it the case that the vulnerabilities cannot be exploited as dom0 is executing the patching instructions given in the QSB? Or is it a kind of “cross your fingers” situation, where the attacker must strike NOW because after this update the system will be immune to the attack?
To elaborate, is it the case that if the attacker corrupts the patch for dom0 as RPM is downloading it, that I will see an error message and the corrupted package won’t get executed? If that’s the case, then is the following the safe way to do this update?
Second, check that the installed versions of the packages rpm, qubes-core-dom0-linux, and qubes-mgmt-salt-dom0-update match (or exceed) the versions in the QSB. Here we rely on the fact that the attacker didn’t get us to execute his corrupted version of RPM.
Third, delete unpatched Fedora templates, and reinstall them through the patched dom0 RPM.
Is it correct to understand that during that procedure, there is no window of opportunity for an attacker?