From 6f6e9a534eb07d988afb0af1e47b3527f558fe3c Mon Sep 17 00:00:00 2001
From: Joanna Rutkowska <joanna@invisiblethingslab.com>
Date: Sat, 4 Oct 2014 19:08:34 +0000
Subject: [PATCH] Qrexec changed

Note on running more complex RPC protocols on top on qrexec
---
 Qrexec.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/Qrexec.md b/Qrexec.md
index ceda1acf..0824486b 100644
--- a/Qrexec.md
+++ b/Qrexec.md
@@ -146,6 +146,8 @@ and we should get "3" as answer, provided dom0 policy allows the call to pass th
 More high-level RPCs?
 ---------------------
 
+As previously noted, Qubes aims to provide mechanisms that are very simple and thus with very small attack surface. This is the reason why the inter-VM RPC framework is very primitive and doesn't include any serialization or other function arguments passing, etc. We should remember, however, that users/app developers are always free to run more high-level RPC protocols on top of qrexec. Care should be taken, however, to consider potential attack surfaces that are exposed to untrusted or less trusted VMs in that case.
+
 Qubes RPC internals
 -------------------