Well, it depends:

* When pasting to a terminal, you should always think twice. (This BTW also 
holds for pasting a text copied from a webpage to a terminal – the webpage 
might let you copy something else than you can see…)
* When pasting to a text editor with highlighting, there is some risk of a 
vulnerability in the text editor.
* When pasting to a text editor with no highlighting etc., the risk is 
probably quite low.

Well, you could have an application that actively monitors the clipboard and 
processes it in a vulnerable way. I don't think this is very likely, but it 
is possible in theory.

On OCR: I am not sure how it could help. Maybe it could limit the character 
set and let you review the copied text. Cool, but I believe this can be 
done in some much easier ways…

@stevenlc: Nation State Adversary has a good acronym…

Vít Šesták 'v6ak'

On Wednesday, January 6, 2021 at 5:04:13 AM UTC+1 pillule wrote:

>
> Hello,
>
> I wonder how you manage your computing life with the problem of 
> the clipboard / file sharing.
>
> The documentation states:
> https://www.qubes-os.org/doc/copy-paste/
> “However, one should keep in mind that performing a copy and paste 
> operation from less trusted to more trusted qube is always 
> potentially insecure, since the data that we copy could exploit 
> some hypothetical bug in the target qube. For example, the 
> seemingly-innocent link that we copy from an untrusted qube could 
> turn out to be a large buffer of junk that, when pasted into the 
> target qube’s word processor, could exploit a hypothetical bug in 
> the undo buffer. This is a general problem and applies to any data 
> transfer from less trusted to more trusted qubes. It even applies 
> to copying files between physically separate (air-gapped) 
> machines. Therefore, you should always copy clipboard data only 
> from more trusted to less trusted qubes.”
>
> Also I remember a paper of Joanna Rutkowska assuming the same 
> principles.
>
>
> I guess most of us cheat these rules sometimes;
> if one deploys post-installation scripts in dom0,
> or takes notes in a vault and wants to copy in that URL,
> or maybe wants to take that snippet into that template ...
>
> I am curious to know how you think about it.
>
> I would like to leave the least possible of my data in the VMs which 
> are exposed to the network. This, with the fact the resources of 
> my computer are limited, unfortunately may lead to open breaches 
> in the compartmentalization:
> Now I have a vault where I take notes and need to paste things 
> into it. I can't afford using a vault for each new context and it 
> will not solve the issue of the clipboard.
> Maybe I should just stick to the idea of one context equal one VM, 
> and refine what I think is pertinent to put on the word ‘context’.
>
> Otherwise, is there really nothing one can do to enforce the 
> integrity of a piece of text?
> Like using an OCR from dom0 to retranscribe a screenshot of a 
> less trusted VM (is that dumb or also somehow flawed or just so 
> loud nobody wants it)?
>
> -- 
>
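
The "limit the character set and let you review the copied text" idea from the reply above, sketched without OCR. This is an added example, not part of the original thread and not Qubes OS code; the printable-ASCII policy, the 2048-character limit and the function names are assumptions.

```python
import unicodedata

# Assumed policy (hypothetical values): short text, printable ASCII only.
MAX_LEN = 2048
ALLOWED = set(map(chr, range(0x20, 0x7F)))

def review_clipboard(text, max_len=MAX_LEN, allow_newlines=False):
    """Return (findings, visible) for text copied from a less trusted qube.

    findings: reasons to distrust the text (an empty list means none found).
    visible:  the first max_len characters with every disallowed character
              escaped, so what is reviewed is what would be pasted.
    """
    findings = []
    if len(text) > max_len:
        findings.append(f"length {len(text)} exceeds limit {max_len}")
    counts, out = {}, []
    for ch in text[:max_len]:  # never render an oversized buffer in full
        if ch in ALLOWED or (ch == "\n" and allow_newlines):
            out.append(ch)
            continue
        if ch in "\n\r":
            kind = "line break (runs a command when pasted to a shell)"
        elif ch == "\x1b":
            kind = "ESC (terminal escape sequence)"
        elif unicodedata.category(ch) == "Cc":
            kind = "control character"
        elif unicodedata.category(ch) == "Cf":
            kind = "invisible/bidi format character"
        else:
            kind = "non-ASCII character"
        counts[kind] = counts.get(kind, 0) + 1
        out.append(f"<U+{ord(ch):04X}>")
    findings += [f"{n} x {kind}" for kind, n in counts.items()]
    return findings, "".join(out)

def safe_to_paste(text, **policy):
    """True only when the review produced no findings."""
    return not review_clipboard(text, **policy)[0]

if __name__ == "__main__":
    # Constructed samples: a plain URL, text hiding a second line, a bidi override.
    samples = ["https://www.qubes-os.org/doc/copy-paste/",
               "ls -la\necho not-what-you-saw\n",
               "abc\u202edef"]
    for sample in samples:
        findings, visible = review_clipboard(sample)
        print("STOP" if findings else "OK  ", visible, findings)
```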
