Xen exploitation part 3: XSA-182, Qubes escape

81 points, posted by sprin almost 9 years ago

4 comments

olympus, almost 9 years ago
If you're a security newb like me but you are using Qubes, update your dom0 software and this vulnerability is fixed. Run:

sudo qubes-dom0-update

The exploit itself allows an attacker who gains control of one domain (like your untrusted cat video domain) to execute scripts in any domain.
geofft, almost 9 years ago
Style points for running xcalc to demonstrate arbitrary code execution on a UNIX desktop. calc.exe is pretty common for this sort of thing on Windows, but I think I'd forgotten xcalc even existed until seeing the screenshot. :)
timthelion, almost 9 years ago
While Qubes is probably the most secure desktop OS available, reading through this code shows the extreme conflict between high performance code, especially highly optimized C code, and security. When I look at that code, I cannot use intuition, I have to think really hard to understand what it is doing and even in doing so, I might well be wrong in my understanding.
pyvpx, almost 9 years ago
At what point do we all say "maybe Xen isn't the best hypervisor to work with for this sort of goal"?