zlacker

[parent] [thread] 3 comments
1. snvzz+(OP)[view] [source] 2023-07-11 21:53:55
>You still have to get through Xen to get to anything I consider of value.

It's not unthinkable, as Xen is huge, at hundreds of kLoCs. But there's an effort[0] to make a Qubes that uses seL4 in place of Xen.

0. https://trustworthy.systems/projects/TS/makatea

replies(1): >>fsflov+ka1
2. fsflov+ka1[view] [source] 2023-07-12 09:40:15
>>snvzz+(OP)
Most of Xen's vulnerabilities do not affect Qubes OS: https://www.qubes-os.org/security/xsa/.
replies(1): >>snvzz+Cm1
◧◩
3. snvzz+Cm1[view] [source] [discussion] 2023-07-12 11:32:29
>>fsflov+ka1
Most vulnerabilities of anything do not affect all its users.

But it's bad enough if any do. (some do affect Qubes)

It is an architectural problem.

SeL4 is a good replacement, with excellent performance and strong formal proofs.

replies(1): >>fsflov+Yn1
◧◩◪
4. fsflov+Yn1[view] [source] [discussion] 2023-07-12 11:41:43
>>snvzz+Cm1
SeL4 is great an all, but no one of those Xen vulnerabilities has led to an escape since forever, have they?
[go to top]