Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make use of custom-persist on app qubes #1265

Open
1 task
deeplow opened this issue Mar 4, 2025 · 0 comments
Open
1 task

Make use of custom-persist on app qubes #1265

deeplow opened this issue Mar 4, 2025 · 0 comments
Labels
Qubes 4.3

Comments

@deeplow
Copy link
Contributor

deeplow commented Mar 4, 2025

  • I have searched for duplicates or related issues

Description

Limit persistence on certain directories in the app qubes with custom-persist.

How will this impact SecureDrop/SecureDrop Workstation users?

No impact.

How would this affect the SecureDrop Workstation threat model?

It adds a security mitigation that makes malware persistence from something trivial to accomplish (writing to /rw/config/rc.local or ~/.config/autostart/) to something slightly more involved (using directories which execute on file dropping as opposed to machine restart, or compromising the /dev/xvdb disk itself). But it should not change the threat model itself.

User Stories
@eloquence eloquence changed the title Make use of custom-persit on app qubes Make use of custom-persist on app qubes Mar 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Qubes 4.3
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@deeplow