Anatomy of Qubes' trusted window manager?

Discussion in 'all things UNIX' started by Gullible Jones, Sep 29, 2014.

  1. Gullible Jones

    Are there any articles, documentation, etc. on this? I'm looking around but having trouble finding answers. Is the trusted WM proprietary or something?

    Edit: to elaborate, I'm interested in whether the trusted WM could be used on top of a different virtualization technology, or even a more typical mandatory access control framework like AppArmor.
     
    Last edited: Sep 29, 2014
  2. mirimir

    Have you asked on their mail list?
     
  3. deBoetie

    I recall Joanna talking about having a choice of WM in future, my understanding was that it was standard. Can't recall the reference right now, believe it was in one of her blogs.
     
  4. Gullible Jones

    @mirimir: I haven't. I'm not much for mailing lists...

    @deBoetie: from the way it color-codes VMs, I don't think it's standard.

    Edit: actually, from this

    https://qubes-os.org/ticket/84

    It looks like the WM is at least not from scratch.

    I'm very confused. How can a bog-standard WM do any kind of sensible, trustworthy arbitration between virtual machines on the same X display?
     
    Last edited: Sep 30, 2014
  5. NGRhodes

    Lots of assumptions going on here...

    There could be an underlying manager that passes colour coding config to each of the VMs and it could also be used to pass input between the VMs without using X.
     
  6. deBoetie

    From the FAQ at: https://qubes-os.org/wiki/UserFaq#WhatssospecialaboutQubesGUIvirtualization

    "What's so special about Qubes' GUI virtualization?
    We have designed the GUI virtualization subsystem with two primary goals: security and performance. Our GUI infrastructure introduces only about 2,500 lines of C code (LOC) into the privileged domain (Dom0), which is very little, and thus leaves little space for bugs and potential attacks. At the same time, due to the smart use of Xen shared memory, our GUI implementation is very efficient, so most virtualized applications really feel as if they were executed natively."

    I suspect this is what does the color coding on the windows, and seems to imply that the WM is native to each VM? I also remember reading that they had decided against full-screening anything because that would allow rogue apps to emulate the "real" system and fool the user into dangerous actions.