undefined | Better HN

0 pointseuank11y ago0 comments

I don't see how that follows or relates; chrome's sandboxes are definitely not VMs... VMs are in general better understood and far better isolated.

Can you expound on that comment?

0 comments

zurn11y ago

How is the isolation in Xen better than Chrome sandboxes - do you mean the attack surface is smaller, the code quality better, or the task somehow inherently simpler/easier?

From where I sit, vulnerabilities in virtualization have seen less public scrutiny than the Chrome sandbox. Eg none of the hypervisor vendors have a bug bounty program, which would be at least some kind of signal.

throwaway776711y ago

The attack surface of a paravirtualized Xen VM to its hypervisor is much smaller than a linux application talking to the linux kernel.

Of course it's not perfect, but xen has a pretty good track record. And a significant chunk of the flaws that have been found xen were found by the qubes devs.

zurn11y ago

The Chrome sandbox setup doesn't correspond to a regular linux application talking to the kernel though. It has a 2-layer sandbox, with the seccomp-bpf and setuid sandboxes. They restrict the kernel interface to a whitelisted subset.

XorNot11y ago

At some level to use an OS, Qubes need to be able to talk to each other. We've had hacks which break TCP stacks, OpenSSL (recently) and practically every other type of subsystem.

Hell, Cryptolocker shows up that fundamentally the whole thing is solving the wrong problem in the first place for ordinary users, which is who cares if the OS survives if your data doesn't?

j / k navigate · click thread line to collapse

0 comments

zurn11y ago

How is the isolation in Xen better than Chrome sandboxes - do you mean the attack surface is smaller, the code quality better, or the task somehow inherently simpler/easier?

throwaway776711y ago

The attack surface of a paravirtualized Xen VM to its hypervisor is much smaller than a linux application talking to the linux kernel.

Of course it's not perfect, but xen has a pretty good track record. And a significant chunk of the flaws that have been found xen were found by the qubes devs.

zurn11y ago

XorNot11y ago

At some level to use an OS, Qubes need to be able to talk to each other. We've had hacks which break TCP stacks, OpenSSL (recently) and practically every other type of subsystem.

Hell, Cryptolocker shows up that fundamentally the whole thing is solving the wrong problem in the first place for ordinary users, which is who cares if the OS survives if your data doesn't?

j / k navigate · click thread line to collapse