On Tue, Feb 20, 2018 at 04:27:16PM +0100, Tom Zander wrote:
> On Tuesday, 20 February 2018 14:04:03 CET Wojtek Porczyk wrote:
> > On Tue, Feb 20, 2018 at 01:21:30PM +0100, 'Tom Zander' via qubes-devel 
> wrote:
> > > On Tuesday, 20 February 2018 01:49:37 CET Marek Marczykowski-Górecki 
> wrote:
> > > > We've decided to deprecate the '$' character from qrexec-related
> > > > usage.
> > > > Instead, to denote special tokens, we will use the '@' character,
> > > > which we believe is less likely to be interpreted in a special way
> > > > by the relevant software.
> > > 
> > > I would argue against the @ sign on account that it is a special
> > > character in bash as well.
> > > 
> > > I don't immediately see a way to exploit it, but why risk it?
> > 
> > We absolutely need a special character that is not allowed in qube name to
> > make the special tokens immediately obvious in policy. The process I used
> > was to list available characters (POSIX Portable Character Set [1])
> []
> > If I missed something, could you please point out? I know shell just good
> > enough to know that it's not possible to know every shell quirk. :)
> 
> The thing you have to remember is that the escape character never needs to 
> be typed by the user.
> In QRexec you are defining an API, applications like qvm-run are using that 
> API. What the user passes into qvm-run and what is actually sent to dom0 
> does not have to be identical.
> I guess you do the translation currently as well; '$' turns into '@' in your 
> new code.
> 
> The consequence of this is that you don't have to limit yourself to the 
> posix list.
> Using the portable characters set for a non-character simply isn't needed.
> 
> So, knowing that your API is actually based on 8-bit characters and not 7 
> bits which you are limiting yourself to, my suggestion is to take something 
> above 127 and below 256 as a special char.
> Most fun one would be “ÿ” which is a normal character you can pass on a 
> shell script if you must, its actual byte-value is 0xFF

Thank you for the suggestion, but I don't think it's correct.

The character has to be input in at least two places: in /etc/qubes-rpc/policy
as the second token (destination) on the line, and as an argument to the
qrexec-client[-vm] executable. It has to work with any of the common editors, any
language-specific keyboard layout, and any common encoding. Most people have
UTF-8 or ISO-8859-*, but we don't exclude the possibility of having the admin qube
on Windows -- there was at least one serious attempt -- so this brings in UTF-16
and Windows-125*.

As an example, may I use the ÿ character you provided:
1) You're right that the codepoint is U+00FF, but the UTF-8 encoding is actually
"\xc3\xbf", so no, we cannot use it.
2) I don't have it on my keyboard. So any time I have to input one of those
characters, I search all the modifiers for the right one (ý? no. ŷ? neither.
ỹ? my font has trouble with that, is that even a letter? ý? tried this one
already...). I don't have real data, but I think most people don't even know
where to start looking for this and in the optimistic case will end up
sourcing it from gucharmap or equivalent. This is bad UX.

Maybe there is a character outside the portable charset that is portable and
writable enough, but I don't know of any. I didn't think there was enough hope
of actually finding one, so I didn't bother searching. That's why I've
asked.


Again, thanks for your review. I think it's helpful, because this change was
made behind the community's back (for obvious reasons), fast, and in a very limited
group of people. I wasn't sure whether we had made some mistake, so the best
I could hope for was to explain myself and get ex post facto review,
which you provided.


-- 
pozdrawiam / best regards       _.-._
Wojtek Porczyk               .-^'   '^-.
Invisible Things Lab         |'-.-^-.-'|
                             |  |   |  |
 I do not fear computers,    |  '-.-'  |
 I fear lack of them.        '-._ :  ,-'
    -- Isaac Asimov             `^-^-_>
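As an added example (not code from this thread, nor from Qubes OS itself), here is a small Python check that makes the encoding argument in the message above concrete: it encodes candidate token characters under the 8-bit encodings the message mentions (UTF-8, ISO-8859-*, Windows-125*) and reports whether the byte that would reach the policy parser is the same in each, and whether the character could also appear inside a qube name. The qube-name pattern used for that second check is an assumption for illustration, not quoted from the Qubes source.

```python
"""Candidate special-token character check for a qrexec-style policy.

Added example, not part of the qubes-users thread or the Qubes code base.
The point it demonstrates: only a character that encodes to the same single
byte under every encoding an editor might write the policy file in (and that
cannot occur in a qube name) is safe to use as a special token such as '@'.
"""
import re

# 8-bit, ASCII-compatible encodings named in the discussion.  UTF-16 is
# deliberately left out: a policy file saved as UTF-16 would break every
# single-byte token, ASCII included, so it says nothing about which
# character to pick.
ENCODINGS = ("utf-8", "iso-8859-1", "iso-8859-2", "cp1252", "cp1250")

# ASSUMPTION (illustrative, not quoted from qubes-core-admin): a qube name is
# an ASCII letter followed by letters, digits, '_' or '-'.
QUBE_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_-]*$")


def byte_forms(ch):
    """Return {encoding: bytes-or-None} for a single character.

    None means the encoding cannot represent the character at all, i.e. a user
    with that locale could not even type it into the policy file.
    """
    forms = {}
    for enc in ENCODINGS:
        try:
            forms[enc] = ch.encode(enc)
        except UnicodeEncodeError:
            forms[enc] = None
    return forms


def is_encoding_invariant(ch):
    """True iff every encoding yields the same one-byte value for `ch`.

    That is the property the policy parser and qrexec-client need: whatever
    editor or locale produced the text, the same byte shows up on the wire.
    """
    forms = byte_forms(ch)
    if any(b is None for b in forms.values()):
        return False
    distinct = set(forms.values())
    return len(distinct) == 1 and len(distinct.pop()) == 1


def allowed_in_qube_name(ch):
    """True if `ch` could legally appear inside a qube name (bad for a token)."""
    return QUBE_NAME_RE.match("a" + ch) is not None


def usable_as_token(ch):
    """Combined verdict: byte-stable everywhere and never part of a qube name."""
    return is_encoding_invariant(ch) and not allowed_in_qube_name(ch)


def report(candidates):
    """Return a list of (char, invariant, name_clash, usable) tuples."""
    return [
        (ch, is_encoding_invariant(ch), allowed_in_qube_name(ch), usable_as_token(ch))
        for ch in candidates
    ]


if __name__ == "__main__":
    # Constructed candidate set: the old '$', the new '@', '_' (legal in a
    # qube name) and the 0xFF suggestion "\u00ff" (LATIN SMALL LETTER Y WITH
    # DIAERESIS, i.e. the character ÿ from the thread).
    for ch in ("$", "@", "_", "\u00ff"):
        print(repr(ch), byte_forms(ch))
    for row in report(("$", "@", "_", "\u00ff")):
        print("char=%r invariant=%s name_clash=%s usable=%s" % row)
```

Running it shows the failure mode the message describes: "\u00ff" is b'\xff' under ISO-8859-1 and cp1252, b'\xc3\xbf' under UTF-8, and not representable at all under ISO-8859-2 or cp1250, while '@' and '$' are the single byte 0x40 / 0x24 everywhere.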

To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20180221111205.GM1198%40invisiblethingslab.com.