Sys net

What is Sys net

Sys net (sys-net) is the qube that provides basic internet connectivity to the rest of the Qubes system. It holds the system's networking adapter (the wifi or ethernet card), along with any GUI elements needed to operate it (i.e. the wifi applet).

Why split out Sys net?

Because sys-net is its own qube, the rest of the system is protected against exploits in the DHCP/networking stack. As an example, CVE-2018-1111 (DynoRoot) allowed anyone able to spoof DHCP responses to execute arbitrary shell commands as root on the DHCP client. Had that code been running in an environment containing confidential information, the result would have been a complete compromise of the system; in sys-net, the attacker gains only a qube that holds nothing but the network card.

Under the default configuration the network device is assigned to sys-net behind the IOMMU, which confines the device's DMA to sys-net's memory and prevents a malicious or compromised device from being used to escape the VM sandbox and attack the rest of the system. This is why Qubes warns if you start sys-net in PV mode: in that mode the network device cannot be locked down with the IOMMU, so vulnerable device firmware could be used by an attacker to escape sys-net and attack the rest of the system. The net result is that when exploits are found, remediation is simpler and safer than on a more "traditional" system, where there is only a single kernel and root owns everything.
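As an added example (it is not code from the Qubes project or from this page), the following dom0 shell script audits a NetVM for the protections just described: it reads the qube's virt_mode with qvm-prefs, asks Xen whether an IOMMU is active, counts the PCI devices attached with qvm-pci, and flags the PV-mode situation the warning above refers to. It assumes Qubes 4.x tools in dom0, that `sudo xl info` lists an active IOMMU as `hvm_directio` in its virt_caps line, and that `qvm-pci ls VM` prints the attached devices one per line with `dom0:`-prefixed identifiers; the function names and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the Qubes project or this wiki page.
# Checks whether a NetVM's PCI devices sit behind an active IOMMU and whether
# the qube runs in a virt_mode where that protection applies.
# Assumptions: run in dom0 of a Qubes 4.x system with `qvm-prefs`, `qvm-pci`
# and Xen's `xl`; `xl info` reports an active IOMMU as "hvm_directio" in its
# virt_caps line; `qvm-pci ls VM` lists attached devices as "dom0:BB_DD.F".

# Pure decision logic, kept separate from the tools so it can be exercised
# on constructed input.
#   $1  virt_mode as printed by `qvm-prefs VM virt_mode` (pv, hvm or pvh)
#   $2  the virt_caps line from `xl info`
#   $3  number of PCI devices attached to the VM
# Prints a one-line verdict; returns 0 only when the devices are isolated.
netvm_verdict() {
    mode=$1; caps=$2; ndev=$3
    if [ "$ndev" -eq 0 ]; then
        echo "OK: no PCI devices attached, nothing for the IOMMU to isolate"
        return 0
    fi
    case "$caps" in
        *hvm_directio*) ;;    # Xen reports an active IOMMU (VT-d / AMD-Vi)
        *)  echo "FAIL: no active IOMMU (no hvm_directio in virt_caps); device DMA is unrestricted"
            return 1 ;;
    esac
    case "$mode" in
        hvm) echo "OK: $ndev PCI device(s) held in HVM mode behind the IOMMU"
             return 0 ;;
        pv)  echo "WARNING: PV mode with PCI devices; the IOMMU does not lock the device down, so a compromised device can attack the rest of the system"
             return 1 ;;
        pvh) echo "FAIL: pvh mode cannot hold PCI devices; check the VM configuration"
             return 1 ;;
        *)   echo "FAIL: unknown virt_mode '$mode'"
             return 1 ;;
    esac
}

# Gathers the real values in dom0 and feeds them to netvm_verdict.
audit_netvm() {
    vm=${1:-sys-net}
    mode=$(qvm-prefs "$vm" virt_mode)
    caps=$(sudo xl info | grep '^virt_caps')
    # Device identifiers look like dom0:00_14.3; counting them skips any header line.
    ndev=$(qvm-pci ls "$vm" | grep -c '^dom0:' || true)
    netvm_verdict "$mode" "$caps" "$ndev"
}

# `sh netvm-audit.sh audit [VM]` runs the audit; with no arguments the file
# only defines the functions.
case "${1-}" in
    audit) audit_netvm "${2:-sys-net}" ;;
esac
```

A non-zero exit from the audit means the qube should be switched to HVM mode (`qvm-prefs sys-net virt_mode hvm`) or the IOMMU enabled in firmware before trusting the isolation the section above describes.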

Disposable Sys net

A disposable sys-net would limit the impact of a DHCP exploit (such as DynoRoot, mentioned above), since any foothold gained in the qube is discarded when it is disposed. The major downside preventing it from being shipped by default is that on a wifi-enabled system the saved wifi passwords are discarded along with the sys-net. On ethernet with standard DHCP, however, this shouldn't be a problem. See this issue on the Qubes github.

Non-graphical Sys net

A graphical sys-net is useful with a wifi card, or other hardware that requires extensive configuration. For a standard desktop use case a non-graphical qube is the better choice: there's no need for a GUI, which only consumes RAM and adds attack surface.

WhatIs/SysNet (last edited 2018-11-21 15:13:07 by admin)