Well, it depends:
* When pasting to a terminal, you should always think twice. (This BTW also
holds for pasting a text copied from a webpage to a terminal – the webpage
might let you copy something else than what you can see…)
* When pasting to a text editor with highlighting, there is some risk of a
vulnerability in the text editor.
* When pasting to a text editor with no highlighting etc., the risk is
probably quite low.

Well, you could have an application that actively monitors the clipboard and
processes it in a vulnerable way. I don't think this is very likely, but it
is possible in theory.

On OCR: I am not sure how it could help. Maybe it could limit the character
set and let you review the copied text. Cool, but I believe this can be
done in some much easier ways…

@stevenlc: Nation State Adversary has a good acronym…

Vít Šesták 'v6ak'

On Wednesday, January 6, 2021 at 5:04:13 AM UTC+1 pillule wrote:
>
> Hello,
>
> I wonder how you manage your computing life with the problem of
> the clipboard / file sharing.
>
> The documentation states:
> https://www.qubes-os.org/doc/copy-paste/
> “However, one should keep in mind that performing a copy and paste
> operation from less trusted to more trusted qube is always
> potentially insecure, since the data that we copy could exploit
> some hypothetical bug in the target qube. For example, the
> seemingly-innocent link that we copy from an untrusted qube could
> turn out to be a large buffer of junk that, when pasted into the
> target qube’s word processor, could exploit a hypothetical bug in
> the undo buffer. This is a general problem and applies to any data
> transfer from less trusted to more trusted qubes. It even applies
> to copying files between physically separate (air-gapped)
> machines. Therefore, you should always copy clipboard data only
> from more trusted to less trusted qubes.”
>
> Also I remember a paper of Joanna Rutkowska assuming the same
> principles.
>
>
> I guess most of us cheat these rules sometimes;
> if one deploys post-installation scripts in dom0,
> or takes notes in a vault and wants to copy in that URL,
> or maybe wants to take that snippet into that template ...
>
> I am curious to know how you think about it.
>
> I would like to leave the least possible of my data in the VMs which
> are exposed to the network. This, with the fact the resources of
> my computer are limited, unfortunately may lead to open breaches
> in the compartmentalization:
> Now I have a vault where I take notes and need to paste things
> into it. I can't afford using a vault for each new context and it
> will not solve the issue of the clipboard.
> Maybe I should just stick to the idea of one context equals one VM,
> and refine what I think is pertinent to put on the word ‘context’.
>
> Otherwise, is there really nothing one can do to enforce the
> integrity of a piece of text?
> Like using an OCR from dom0 to retranscribe a screenshot of a
> less trusted VM (is that dumb or also somehow flawed or just so
> loud nobody wants it)?
>
> --
>
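
The reply's idea of limiting the character set and reviewing the copied text before it goes into a more trusted qube, sketched as an added example (not part of the original thread and not Qubes code). The printable-ASCII allowlist, the 4096-character limit and all names are assumptions.

```python
import unicodedata
from dataclasses import dataclass, field

MAX_LEN = 4096  # assumed limit; the docs' example is "a large buffer of junk"
ALLOWED = set(map(chr, range(0x20, 0x7F)))  # assumed allowlist: printable ASCII


@dataclass
class Review:
    findings: list = field(default_factory=list)  # (index or None, description)
    visible: str = ""  # escaped rendering, so hidden characters become readable
    safe: bool = True


def _classify(ch):
    if ch in "\r\n":
        return "newline (a terminal runs the line before you can review it)"
    if ch == "\x1b":
        return "ESC (starts a terminal escape sequence)"
    cat = unicodedata.category(ch)
    if cat == "Cc":
        return "control character"
    if cat == "Cf":
        return "invisible format character (bidi override, zero-width, ...)"
    return "outside printable ASCII"


def review_clipboard(text, max_len=MAX_LEN):
    """Flag everything outside the allowlist and build a reviewable rendering."""
    r = Review()
    if len(text) > max_len:
        r.findings.append((None, f"length {len(text)} exceeds {max_len}"))
    out = []
    for i, ch in enumerate(text):
        if ch in ALLOWED:
            out.append(ch)
        else:
            r.findings.append((i, f"U+{ord(ch):04X} {_classify(ch)}"))
            out.append(f"<U+{ord(ch):04X}>")
    r.visible = "".join(out)
    r.safe = not r.findings
    return r


if __name__ == "__main__":
    # Constructed samples: a plain URL, a two-line paste, a bidi override.
    for sample in ("https://www.qubes-os.org/doc/copy-paste/",
                   "ls\nrm x", "a\u202eb"):
        r = review_clipboard(sample)
        print("SAFE  " if r.safe else "REVIEW", r.visible, r.findings)
```
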