LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Qubes beta 1 released

Qubes beta 1 released

Posted Apr 20, 2011 18:29 UTC (Wed) by PaXTeam (subscriber, #24616)
In reply to: Qubes beta 1 released by jarrett.miller
Parent article: Qubes beta 1 released

> [...] then TXT does indeed allow you to know what is running on your computer reliably.

not exactly. it tells you what was running at the time SENTER executed, it says nothing about the future. in a post somewhere above you tried to dismiss the problem of exploitable bugs by saying this:

> Some OS partition will be where that wireless driver exists. So when
> someone exploits that flaw and roots that OS partition then the
> hypervisor should be able to tell (new executable pages come in to
> existence or the contents of executable pages change). So it has done
> its job and let you know that said partition is rooted.

so this hypervisor wouldn't let guest kernels modify themselves (think of the alternatives mechanism in linux) or load kernel modules? can you name a single widespread (or heck, any) distro which would be able to run on this hypervisor? so you can't do this. but then runtime code generation must be allowed for the guest kernels and that means any kernel exploit is back in business, TXT/hypervisor/etc didn't improve anything, you still don't know what code runs on your box.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds