[email protected]:
> On Wednesday, June 28, 2017 at 10:07:04 AM UTC-4, qubenix wrote:
>> qubenix:
>>> [email protected]:
>>>> I want to copy network connection profiles from sys-net to 
>>>> sys-net-profiles as my computer shuts down.
>>>>
>>>> I'm creating a bash script in dom0 to help with this.
>>>>
>>>> I could use 
>>>>
>>>> qvm-run -ap sys-net "sudo qvm-copy-to-vm sys-net-profiles 
>>>> /etc/NetworkManager/system-connections/*"
>>>>
>>>> ...but that will spawn a dom0 confirmation dialogue that I'd rather avoid 
>>>> (after all, dom0 is initiating the copy).
>>>>
>>>> I could "allow" qubes.Filecopy from sys-net -> sys-net-profiles, but I 
>>>> don't want to trust sys-net to initiate this copy on its own.
>>>>
>>>> Is there any way to directly copy files from one VM to another, executed 
>>>> directly from dom0?
>>>>
>>>
>>> Not sure if it's the best solution, but this should work for avoiding
>>> prompt (briefly tested):
>>>
>>> for i in $(qvm-run -a -p -u root sys-net "ls
>>> /etc/NetworkManager/system-connections/"); do qvm-run -a -p -u root "cat
>>> /etc/NetworkManager/system-connections/$i" > $i; qvm-move-to-vm
>>> sys-net-profiles $i; done
>>>
>>
>> Oops small typo (forgot to name "sys-net" one time). Fixed:
>>
>> for i in $(qvm-run -a -p -u root sys-net "ls
>> /etc/NetworkManager/system-connections/"); do qvm-run -a -p -u root
>> sys-net "cat /etc/NetworkManager/system-connections/$i" > $i;
>> qvm-move-to-vm sys-net-profiles $i; done
>>
>> -- 
>> qubenix
>> GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500
> 
> How much of a risk do you think this is, passing the file contents through 
> dom0 via qvm-run -ap?
> 

Yeah, this is moderately secure IMHO. You are copying everything from
/etc/NetworkManager/system-connections dir to dom0 before being moved to
destination vm without check. So theoretically something malicious could
be placed there. However, I don't see how it would be executed in dom0
(should the file be malicious). I took no consideration for security,
only to solve the problem of prompt.

-- 
qubenix
GPG: B536812904D455B491DCDCDD04BE1E61A3C2E500

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5eef3931-4ff7-3f87-22f0-450353c8b47f%40riseup.net.
For more options, visit https://groups.google.com/d/optout.

Reply via email to