-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 2017-05-17 23:49, tokidev wrote: > Hello everyone, > > like the subject already says, I'd like to request for a feature which > shows the exact clipboard size when hitting the magic hotkey Ctrl-Shift-C. > > Due to lack of hardware, I didn't test if this is already the case, but > I couldn't find any suggesting. > > AFAIK, after hitting the mentioned hotkey there appears a dom0 message > box confirming that hit. This seems to be the ideal place where to > inform the user about the current clipboard size. > > The aim is to enable the user to estimate if the clipboard seems to be > reasonable without parsing it. As Joanna mentioned here [1], parsing is > potentially dangerous. So, this feature here could be a practicable > middle course. > > I know that this should not let the user feel safe. Even with this > feature, it's still potentially dangerous to copy from a less trusted VM > to a more trusted one. However, this feature could prevent some > malicious attacks in an easy way, independent from the trust to a VM. > > Let's say, a malware tries to put harmful code into the clipboard a > hundred times per second, thus, it'll override the users clipboard > content before pasting it and also before hitting Ctrl-Shift-C. Okay, I > have to admit that an even smarter malware might keep the size of the > big enough clipboard when putting its payload to it. > > Of course, the user should be "trained" in guessing the necessary > clipboard size before using that feature. A new "Estimating Clipboard > Size" documentation section or page, showing examples for ASCII plain > text, UTF-8 plain text, HTML text, images etc., could help. > > Besides that, it could be useful to show the size again after hitting > the magic hotkey Ctrl-Shift-V. > > > What do you think about it? > > Kind regards, > Tobias > > [1] https://groups.google.com/d/msg/qubes-devel/JJN9GZMmp5s/AW7gzjK1tEgJ >
Interesting idea. If I understand correctly, it would working something like this: I copy one sentence, and the dom0 notification says something like, "Copied X bytes to the clipboard." But if, instead, I copy one sentence, and the notification says, "Copied X *kilobytes* to the clipboard," then this tips me off that the VM from which I copied has replaced my single sentence with a large, potentially malicious payload. Is that the idea? - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZINccAAoJENtN07w5UDAwevAQAK61jRyny4RHIcaKgBdwmQ3b PUH9v+sri1E67WmN9JmKrYCzWTkxmPcX3FME8GOSNH472C9cG5Q8tqaLJivQf8nv vPy/8HK51mmFW3oeJeu6sBDPKBIyjB+XmE4UZmZc8jtouc7vRHP7NWLQacA9PC8C 9Ew9xdlrWinPkqY89k2fKTr55Vft4v717Owi3eBdmgVAdtWpSYrhCZ2OWu1Ly3zN A943rRTkhh70f7sRbY7/X1kzsHEZdhaIG+/KWVc1FDrIvdg8IRMuXNoK8bXTEfzi BO6sG5fDcasLzCAhpWD+q1UOIvxWOKLImUn4jvxdB5T1IpkAqRiYblzQzUlnPb2L zWzlvzfwdYtLc7/JAl6vYzBkqMu4l37yFHk/r9Bhl+QLwGG2MxXxbbMws4tRFqB/ 2w39jHVfDfo8MMPWzEcM8wJ5tZ61v6kOQymnEkr7kHcrzAT+AkpGwvRMMtZgZayB CgcL56eCIdeEZtC26phCE8fW/syUxzJE9PNlFejYUnGGbx/+Cy12Qjxmmzs5US/A cCsD7K4DzpOQD0cPGF20hgL0cO7/8Zt5RD2mO2T2bdM5iXOYv4RP23I03TIAKQIM AEIIpbcy0EKBDdUB5FbGAn4/hi3fBgSXfL5nH58s0rBAzeF45GZBsO8Z4UiWeKqD 4yRcMxj/fHG9GLT508Zc =+qOS -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/967f9aed-af72-94c3-75e0-2b9cbd88fab9%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
