I need to understand the security implications of running Redshift (or similar software; e.g. if Redshift has some bad security implications but there is another option for a Night Light filter and/or grayscale with fewer security implications) in dom0. I need to understand that so I can decide whether I will use Redshift (or the other software that you may tell me about, which is more minimal or so) for my eyes, or let my eyes hurt for more security.
For example, does Redshift install something like additional GPU drivers or anything else that increases the attack surface (and what attack surface gets increased? how would that matter in dom0, which is isolated anyway?). I hope you understand my request.
Basically, I saw andrewdavidwong saying that he/she uses Redshift already, and that they will not add it by default in Qubes. And in "How to install software in dom0 | Qubes OS" it says: "This page is intended for advanced users." and:
For example, there is nothing that the Qubes OS Project can feasibly do to prevent a malicious RPM from exploiting a hypothetical bug in the cryptographic signature verification operation.
There is nothing wrong with redshift and redshift-gtk as far as we know.
The quoted warning is about the fact that each extra piece of software you install in dom0 adds to the chance of one of them being malicious.
There is absolutely no guarantee with free software; you need to trust an insane amount of people for each piece of software you use. Redshift is an old project, it has few updates and has been tested for years; I highly doubt it contains a backdoor that could be exploited.
What would be a lot riskier is to install rpm files downloaded from websites or vendors instead of using packages from the Fedora repositories, which are curated by people who care about the quality of the Linux distribution, into which they put a lot of effort and time.
Speaking about redshift specifically, I don't think it installs any drivers: it uses the gamma ramp functionality provided by already existing drivers instead. See the redshift GitHub page.
As long as dom0 stays isolated, the main attack surface that is added when you are installing an app is the code of the app itself, via a supply chain attack.
In the end, it all comes down to you comparing which is higher: the cost of you not using redshift, or the risk-adjusted cost of being hacked (only the risk increase from adding the app should be evaluated; all the other risk is already there) over the lifetime of the system.
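The two points made above (install only packages from the curated Fedora repositories, and Redshift pulls in no drivers of its own) can each be turned into a check a dom0 user runs before trusting an extra package. The script below is an added example and is not code from this thread or from the Qubes or Redshift projects. It parses the kind of output `rpm -qi` and `rpm -q --requires` produce, but all sample data in it is constructed so it runs offline; the key IDs, version strings and dependency lists are made up, and the "driver-like dependency" pattern is an assumption of this example, not an rpm feature. The in-dom0 usage lines in the header comment are the real commands it is meant to be fed with.

```shell
#!/bin/sh
# Added example, not code from the forum thread or the Qubes/Redshift projects.
# Two provenance checks for an installed RPM, demonstrated offline on constructed
# data: (1) the package was signed by a key already imported into the RPM
# database (the repository keys), and (2) its dependency list pulls in no kernel
# modules or X driver packages.
#
# In dom0 the same functions would be fed real output:
#   TRUSTED=$(rpm -q gpg-pubkey --qf '%{VERSION}\n')
#   key_is_trusted "$(rpm -qi redshift | sig_key_id)" "$TRUSTED" && echo ok
#   rpm -q --requires redshift | suspicious_requires

# Print the 16-hex-digit signer key ID from a `rpm -qi` "Signature" line, in
# lowercase. Prints nothing for an unsigned package (rpm shows "(none)").
sig_key_id() {
    sed -n 's/^Signature.*Key ID \([0-9A-Fa-f]\{16\}\).*/\1/p' | tr 'A-F' 'a-f'
}

# rpm records an imported key as gpg-pubkey-<low 32 bits of key ID>-<date>, so
# the last 8 hex digits of the signer's key ID must appear among the VERSION
# fields of the installed gpg-pubkey pseudo-packages. Returns 0 if trusted.
key_is_trusted() {
    keyid="$1"
    trusted="$2"
    [ -n "$keyid" ] || return 1
    short=$(printf '%s' "$keyid" | tail -c 8)
    printf '%s\n' "$trusted" | grep -qx "$short"
}

# Heuristic filter (an assumption of this example): dependency names that
# indicate kernel modules or X driver packages. Prints matching lines, if any.
suspicious_requires() {
    grep -iE '^(kmod-|akmod-|kernel-modules|xorg-x11-drv-|nvidia)' || true
}

# Constructed: imported key versions, as `rpm -q gpg-pubkey --qf '%{VERSION}\n'`.
TRUSTED_KEYS="89abcdef
deadbeef"

# Constructed: the lines of a `rpm -qi` listing that this script looks at.
SIGNED_INFO="Name        : redshift
Version     : 1.12
Signature   : RSA/SHA256, Mon 01 Jan 2024 00:00:00 UTC, Key ID 0123456789abcdef
Vendor      : Fedora Project"

UNSIGNED_INFO="Name        : redshift
Signature   : (none)"

# Constructed: a plausible `rpm -q --requires` for a gamma-ramp tool (userspace
# X11/DRM client libraries only) and one for a package that drags in a driver.
REDSHIFT_REQUIRES="libX11.so.6()(64bit)
libXrandr.so.2()(64bit)
libXxf86vm.so.1()(64bit)
libdrm.so.2()(64bit)
libglib-2.0.so.0()(64bit)"

DRIVER_REQUIRES="libX11.so.6()(64bit)
kmod-nvidia-latest-dkms
xorg-x11-drv-nvidia"

# Named wrappers so the results can be reused: exit 0 = signer trusted.
check_signed() {
    key_is_trusted "$(printf '%s\n' "$SIGNED_INFO" | sig_key_id)" "$TRUSTED_KEYS"
}
check_unsigned() {
    key_is_trusted "$(printf '%s\n' "$UNSIGNED_INFO" | sig_key_id)" "$TRUSTED_KEYS"
}
# Number of driver-like dependencies in a requires list.
count_suspicious() {
    printf '%s\n' "$1" | suspicious_requires | grep -c . || true
}

main() {
    if check_signed; then echo "signed sample: signer key is imported, trusted"; fi
    if ! check_unsigned; then echo "unsigned sample: rejected"; fi
    echo "driver-like deps in redshift-style sample: $(count_suspicious "$REDSHIFT_REQUIRES")"
    echo "driver-like deps in driver-style sample:   $(count_suspicious "$DRIVER_REQUIRES")"
}
main "$@"
```

A passing signature check only says the package came from a repository whose key you had already imported; it says nothing about the upstream code itself, which is exactly the residual supply-chain risk the replies above describe. The dependency filter is a quick sanity check on the "no drivers" claim, not a substitute for reading the package's spec file.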