Usable error message: qvm-move-to-vm and qvm-copy-to-vm target dom0 #2031

Closed
Jeeppler opened this issue May 25, 2016 · 7 comments
Labels
C: core, P: minor, r3.1-dom0-stable, r3.2-dom0-stable, ux

Comments

@Jeeppler

Jeeppler commented May 25, 2016

Qubes OS version (e.g., R3.1):

R3.1

Affected TemplateVMs (e.g., fedora-23, if applicable):

all


Expected behavior:

Expect an error message like:

[user@qubes-dev qubes-cheatsheet]$ qvm-copy-to-vm dom0 qubes-cheatsheet.pdf
Request refused
[user@qubes-dev qubes-cheatsheet]$ qvm-move-to-vm dom0 qubes-cheatsheet.pdf
Request refused

or

[user@qubes-dev qubes-cheatsheet]$ qvm-copy-to-vm dom0 qubes-cheatsheet.pdf
Not allowed
[user@qubes-dev qubes-cheatsheet]$ qvm-move-to-vm dom0 qubes-cheatsheet.pdf
Not allowed

each with a useful qrexec error dialog message.

Actual behavior:

No useful error message:

[user@qubes-dev qubes-cheatsheet]$ qvm-move-to-vm dom0 qubes-cheatsheet.pdf
EOFt 0/177 KB
[user@qubes-dev qubes-cheatsheet]$ qvm-copy-to-vm dom0 qubes-cheatsheet.pdf
EOFt 0/177 KB

andrewdavidwong added the enhancement, C: core, P: minor and ux labels May 25, 2016
@andrewdavidwong
Member

Related: #1839, #1324

@jpouellet
Contributor

This happens because dom0 has a policy for qubes.Filecopy:

[user@dom0 ~]$ cat /etc/qubes-rpc/policy/qubes.Filecopy 
## Note that policy parsing stops at the first match,
## so adding anything below "$anyvm $anyvm action" line will have no effect

## Please use a single # to start your custom comments

$anyvm  $anyvm  ask

but no actual RPC service (no /etc/qubes-rpc/qubes.Filecopy).

When a VM tries to invoke qubes.Filecopy on dom0, qrexec-policy is consulted as normal:

[user@dom0 bin]$ sudo /usr/local/bin/execsnoop
Tracing exec()s. Ctrl-C to end.
Instrumenting sys_execve
   PID   PPID ARGS
...
  9318   8939 qrexec-policy -- 7 qubes-builder dom0 qubes.Filecopy SOCKET8
  9319   9318    qrexec-policy-9319  [003] d... 10555.510076: execsnoop_sys_execve: (SyS_execve+0x0/0x50)
  9320   9319 /sbin/ldconfig -p

You get a dialog asking to confirm. And if you do, then it tries to run the service:

  9318      0 qrexec-client -d dom0 -c SOCKET8,qubes-builder,7 /usr/lib/qubes/qubes-rpc-multiplexer qubes.Filecopy qubes-builder
  9323   9318 bash -c /usr/lib/qubes/qubes-rpc-multiplexer qubes.Filecopy qubes-builder
  9325   9323 mkfifo /tmp/qrexec-rpc-stderr.9323
  9326   9323 logger -t qubes.Filecopy-qubes-builder -f /tmp/qrexec-rpc-stderr.9323
  9327   9323 rm -f /tmp/qrexec-rpc-stderr.9323
  9323      0 /bin/sh -- /etc/qubes-rpc/qubes.Filecopy

but no such service exists.

One possible solution is to just add:

$anyvm  dom0    deny

to the top of the policy.

Thoughts?

jpouellet added a commit to jpouellet/qubes-core-admin that referenced this issue Nov 15, 2016
It already wasn't possible to qubes.Filecopy to dom0 because dom0
had no actual qubes.Filecopy service.

The introduction of this policy only improves the error message when
someone tries.

Fixes QubesOS/qubes-issues#2031
@marmarek
Member

I think the bug is elsewhere: documentation says dom0 reserved keywords (note string dom0 does not match the $anyvm pattern; all other names do). Apparently this is broken...

marmarek added a commit to marmarek/qubes-core-admin that referenced this issue Nov 18, 2016
@marmarek
Member

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.2.10-1.fc23 has been pushed to the r3.2 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

marmarek added a commit to QubesOS/qubes-core-admin that referenced this issue Nov 20, 2016
marmarek added a commit to QubesOS/qubes-core-admin-linux that referenced this issue Nov 20, 2016
Design documentation says:
'note string dom0 does not match the $anyvm pattern; all other names do'

This behaviour was broken, because 'is not' in Python isn't the same as
string comparison. In theory this could result in some service being
erroneously allowed to execute in dom0, but in practice such services are
not installed in dom0 at all, so the only impact was a misleading error
message.

Fixes QubesOS/qubes-issues#2031
Reported by @Jeeppler

(cherry picked from commit 981a11c)
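
The identity-versus-equality mistake named in the commit message above, as an added Python example (not the qrexec-policy source and not code from this issue). It evaluates the qubes.Filecopy rule quoted earlier with a first-match evaluator; `match_buggy`, `match_fixed`, `evaluate` and `from_argv` are hypothetical names, the deny-when-nothing-matches default is an assumption, and the object-identity behaviour shown is that of CPython.

```python
# Added illustration, not the Qubes qrexec-policy source.
DOM0 = "dom0"

# Constructed policy text: the same rule as the qubes.Filecopy file quoted above.
POLICY = """\
## Please use a single # to start your custom comments
$anyvm  $anyvm  ask
"""

def from_argv(name):
    """Return an equal but distinct str object, like a name read from argv."""
    return name.encode().decode()

def match_buggy(pattern, name):
    if pattern == "$anyvm":
        # Identity test: true for every str object other than DOM0 itself,
        # including a different object that also holds the text "dom0".
        return name is not DOM0
    return pattern == name

def match_fixed(pattern, name):
    if pattern == "$anyvm":
        return name != DOM0  # value comparison: "dom0" never matches $anyvm
    return pattern == name

def evaluate(policy, source, target, match):
    """First matching rule wins; no match means deny (assumed default)."""
    for line in policy.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src_pat, dst_pat, action = line.split()[:3]
        if match(src_pat, source) and match(dst_pat, target):
            return action
    return "deny"

if __name__ == "__main__":
    src, dst = from_argv("qubes-builder"), from_argv("dom0")
    print("buggy matcher:  ", evaluate(POLICY, src, dst, match_buggy))
    print("fixed matcher:  ", evaluate(POLICY, src, dst, match_fixed))
    # The explicit deny line proposed earlier in the thread, placed first.
    print("explicit deny:  ", evaluate("$anyvm dom0 deny\n" + POLICY, src, dst, match_buggy))
    # Passing the DOM0 constant itself hides the bug, which is why it can slip past tests.
    print("same object:    ", evaluate(POLICY, "qubes-builder", DOM0, match_buggy))
```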
@marmarek
Member

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.1.13-1.fc20 has been pushed to the r3.1 testing repository for dom0.
To test this update, please install it with the following command:

sudo qubes-dom0-update --enablerepo=qubes-dom0-current-testing

Changes included in this update

@marmarek
Member

marmarek commented Dec 4, 2016

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.1.13-1.fc20 has been pushed to the r3.1 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

@qubesos-bot

Automated announcement from builder-github

The package qubes-core-dom0-linux-3.2.11-1.fc23 has been pushed to the r3.2 stable repository for dom0.
To install this update, please use the standard update command:

sudo qubes-dom0-update

Or update dom0 via Qubes Manager.

Changes included in this update

marmarek added a commit to QubesOS/qubes-core-admin that referenced this issue Mar 14, 2017