[qubes-users] How do you think about the clipboard inter-VMs

Tue, 05 Jan 2021 20:04:13 -0800 


Hello,


I wonder how do you manage your computing life with the problem of 
the clipboard / file sharing.


The documentation states :
https://www.qubes-os.org/doc/copy-paste/

“However, one should keep in mind that performing a copy and paste 
operation from less trusted to more trusted qube is always 
potentially insecure, since the data that we copy could exploit 
some hypothetical bug in the target qube. For example, the 
seemingly-innocent link that we copy from an untrusted qube could 
turn out to be a large buffer of junk that, when pasted into the 
target qube’s word processor, could exploit a hypothetical bug in 
the undo buffer. This is a general problem and applies to any data 
transfer from less trusted to more trusted qubes. It even applies 
to copying files between physically separate (air-gapped) 
machines. Therefore, you should always copy clipboard data only 
from more trusted to less trusted qubes.”



Also I remember a paper of Joanna Rutkowska assuming the same 
principles.



I guess most of us cheats theses rules sometimes ;
if one deploys post-installation scripts in dom0,
or takes notes in a vault and wants to copy in that URL,
or maybe wants to take that snippet into that template ...

I am curious to know how you think about it.


I would like to let the least possible of my data in the VMs which 
are exposed to the network. This, with the fact the ressources of 
my computer are limited, unfortunally may leads to open breaches 
in the comportamentalisation :
Now I have a vault where I takes notes and needs to paste things 
into it. I can't afford using a vault for each new context and it 
will not solve the issue of the clipboard.
Maybe I should just stick to the idea of one context equal one VM, 
and refine what I think is pertinent to put on the word ‘context’.



Otherwise, Is there really nothing one can do to enforce the 
integrity of a piece of text ?
Like using an OCR from dom0 to retranscript an screenshoot of a 
less trusted VM (is that dumb or also somehow flawed or just so 
loud nobody wants it) ?


--

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/878s96aezi.fsf%40host.localdomain.






















					Reply via email to