Re: [qubes-users] Re: Moving dom0 screenshots immediately to VMs
W dniu piątek, 19 stycznia 2018 21:16:10 UTC+1 użytkownik Alex Dubois napisał:
> On Friday, 19 January 2018 19:37:43 UTC, Yethal wrote:
> > W dniu piątek, 19 stycznia 2018 20:00:27 UTC+1 użytkownik Alex Dubois
> > napisał:
> > > On Friday, 19 January 2018 17:52:41 UTC, Alex Dubois wrote:
> > > > On Friday, 19 January 2018 12:05:36 UTC, Tom Zander wrote:
> > > > > On Friday, 19 January 2018 12:48:27 CET wordswithn...@gmail.com wrote:
> > > > > > Qubes already has built-in the capability to screenshot the entire
> > > > > > desktop
> > > > > > (Printscreen) or the current window (Ctrl+Printscreen).
> > > > >
> > > > > Yes, it does.
> > > > >
> > > > > But this is not something you should use and then send to a VM
> > > > > becuase that
> > > > > VM then suddenly gets knowledge about all the other windows on screen
> > > > > that
> > > > > may be from another VM.
> > > >
> > > > Default should prevent, but user should have choice.
> > > >
> > > > >
> > > > > Imagine having your Vault VM window open with all your passwords and
> > > > > then
> > > > > you auto-upload a screenshot of that into a compromised VM which then
> > > > > causes
> > > > > the screenshot to be uploaded to a server.
> > > > >
> > > > > I'm not aware of any way to avoid this data-leakage using the
> > > > > screenshot
> > > > > application in dom0.
> > > > > --
> > > > > Tom Zander
> > > > > Blog: https://zander.github.io
> > > > > Vlog: https://vimeo.com/channels/tomscryptochannel
> > > >
> > > > XFCE (default Qubes Windows manager) provides a screenshot application
> > > > (Menu/System Tools/Screenshot activated with the PrintScreen Key as
> > > > well)
> > > > This launch a windows with:
> > > > - Region to capture (radio selection)
> > > > - Entire screen (selected by default)
> > > > - Active window
> > > > - Select a region
> > > > - Delay before capturing
> > > > - X seconds (default is 1)
> > > > - Capture mouse pointer
> > > > - Y/N (default Y)
> > > >
> > > > What I think needs to be done:
> > > > - Change the default for region to capture to "active window"
> > > > - Also
> > > > - hook into screenshot so that either
> > > > - when OK (or Enter key) is pressed
> > > > - the Save As dialog is replace by another one where you put the
> > > > VM name (and it goes into QubesIncoming in that VM, for Dom0 into
> > > > /home/user/screenshots)
> > > > - Dom0 Confirmation pop-up appear (same as usual copy/move
> > > > file) with a preview (TBC)?
> > > >OR - the Save As dialog has a kind of "network drive list" which is
> > > > the list of VMs that are running, and saving there save to
> > > > QubesIncoming for that VM. You have to prevent the create directory and
> > > > other stuff probably. Benefit is that it is probably re-usable for any
> > > > Dom0 apps which use the Save As window.
> > >
> > > OK for the impatient, this will send a screenshot of the current window
> > > to a VM (no selection of target VM for the moment):
> > >
> > > 1- Bind shortcut key:
> > > Click on: Menu/System Tools/Keyboard
> > > Click on: Application Shortcuts tab
> > > Click on Add
> > > Command: xfce4-screenshooter -w -o /usr/local/bin/screenshooter.sh
> > > Bind to Ctrl + Shift + PrintScreen (or whatever you want)
> > >
> > > 2- Create script that will copy the file to the target VM
> > > in Dom0 terminal
> > > sudo vi /usr/local/screenshooter.sh
> > >
> > > #!/bin/bash
> > > cat $1 qvm-run --pass-io "cat > /home/user/`echo $1 | awk -F'/'
> > > '{print $3}'`"
> > >
> > > where is the started VM that will receive the screenshot. You
> > > can obviously choose a path that user has write access to. You may want
> > > to clean the file that is save by default in /tmp by adding this line
> > > rm /tmp/`echo $1 | awk -F'/' '{print $3}'`"
> > >
> > > 3- Make the script executable
> > > sudo chmod a+x /usr/local/bin/screenshooter.sh
> >
> > there is the qvm-screenshot-tool. Is that not enough?
>
> Never heard of it. In which package is-it?
https://groups.google.com/forum/#!msg/qubes-users/rb3lQvcXkOY/sEQpsAFSAQAJ;context-place=forum/qubes-users
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/0379dbda-1cb0-474f-8148-d11f24aff821%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Moving dom0 screenshots immediately to VMs
On Friday, 19 January 2018 19:37:43 UTC, Yethal wrote:
> W dniu piątek, 19 stycznia 2018 20:00:27 UTC+1 użytkownik Alex Dubois napisał:
> > On Friday, 19 January 2018 17:52:41 UTC, Alex Dubois wrote:
> > > On Friday, 19 January 2018 12:05:36 UTC, Tom Zander wrote:
> > > > On Friday, 19 January 2018 12:48:27 CET wordswithn...@gmail.com wrote:
> > > > > Qubes already has built-in the capability to screenshot the entire
> > > > > desktop
> > > > > (Printscreen) or the current window (Ctrl+Printscreen).
> > > >
> > > > Yes, it does.
> > > >
> > > > But this is not something you should use and then send to a VM becuase
> > > > that
> > > > VM then suddenly gets knowledge about all the other windows on screen
> > > > that
> > > > may be from another VM.
> > >
> > > Default should prevent, but user should have choice.
> > >
> > > >
> > > > Imagine having your Vault VM window open with all your passwords and
> > > > then
> > > > you auto-upload a screenshot of that into a compromised VM which then
> > > > causes
> > > > the screenshot to be uploaded to a server.
> > > >
> > > > I'm not aware of any way to avoid this data-leakage using the
> > > > screenshot
> > > > application in dom0.
> > > > --
> > > > Tom Zander
> > > > Blog: https://zander.github.io
> > > > Vlog: https://vimeo.com/channels/tomscryptochannel
> > >
> > > XFCE (default Qubes Windows manager) provides a screenshot application
> > > (Menu/System Tools/Screenshot activated with the PrintScreen Key as well)
> > > This launch a windows with:
> > > - Region to capture (radio selection)
> > > - Entire screen (selected by default)
> > > - Active window
> > > - Select a region
> > > - Delay before capturing
> > > - X seconds (default is 1)
> > > - Capture mouse pointer
> > > - Y/N (default Y)
> > >
> > > What I think needs to be done:
> > > - Change the default for region to capture to "active window"
> > > - Also
> > > - hook into screenshot so that either
> > > - when OK (or Enter key) is pressed
> > > - the Save As dialog is replace by another one where you put the VM
> > > name (and it goes into QubesIncoming in that VM, for Dom0 into
> > > /home/user/screenshots)
> > > - Dom0 Confirmation pop-up appear (same as usual copy/move file)
> > > with a preview (TBC)?
> > >OR - the Save As dialog has a kind of "network drive list" which is
> > > the list of VMs that are running, and saving there save to QubesIncoming
> > > for that VM. You have to prevent the create directory and other stuff
> > > probably. Benefit is that it is probably re-usable for any Dom0 apps
> > > which use the Save As window.
> >
> > OK for the impatient, this will send a screenshot of the current window to
> > a VM (no selection of target VM for the moment):
> >
> > 1- Bind shortcut key:
> > Click on: Menu/System Tools/Keyboard
> > Click on: Application Shortcuts tab
> > Click on Add
> > Command: xfce4-screenshooter -w -o /usr/local/bin/screenshooter.sh
> > Bind to Ctrl + Shift + PrintScreen (or whatever you want)
> >
> > 2- Create script that will copy the file to the target VM
> > in Dom0 terminal
> > sudo vi /usr/local/screenshooter.sh
> >
> > #!/bin/bash
> > cat $1 qvm-run --pass-io "cat > /home/user/`echo $1 | awk -F'/'
> > '{print $3}'`"
> >
> > where is the started VM that will receive the screenshot. You can
> > obviously choose a path that user has write access to. You may want to
> > clean the file that is save by default in /tmp by adding this line
> > rm /tmp/`echo $1 | awk -F'/' '{print $3}'`"
> >
> > 3- Make the script executable
> > sudo chmod a+x /usr/local/bin/screenshooter.sh
>
> there is the qvm-screenshot-tool. Is that not enough?
Never heard of it. In which package is-it?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/6eee5e16-6440-428a-82ac-919ed3f7405a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Moving dom0 screenshots immediately to VMs
W dniu piątek, 19 stycznia 2018 20:00:27 UTC+1 użytkownik Alex Dubois napisał:
> On Friday, 19 January 2018 17:52:41 UTC, Alex Dubois wrote:
> > On Friday, 19 January 2018 12:05:36 UTC, Tom Zander wrote:
> > > On Friday, 19 January 2018 12:48:27 CET wordswithn...@gmail.com wrote:
> > > > Qubes already has built-in the capability to screenshot the entire
> > > > desktop
> > > > (Printscreen) or the current window (Ctrl+Printscreen).
> > >
> > > Yes, it does.
> > >
> > > But this is not something you should use and then send to a VM becuase
> > > that
> > > VM then suddenly gets knowledge about all the other windows on screen
> > > that
> > > may be from another VM.
> >
> > Default should prevent, but user should have choice.
> >
> > >
> > > Imagine having your Vault VM window open with all your passwords and then
> > > you auto-upload a screenshot of that into a compromised VM which then
> > > causes
> > > the screenshot to be uploaded to a server.
> > >
> > > I'm not aware of any way to avoid this data-leakage using the screenshot
> > > application in dom0.
> > > --
> > > Tom Zander
> > > Blog: https://zander.github.io
> > > Vlog: https://vimeo.com/channels/tomscryptochannel
> >
> > XFCE (default Qubes Windows manager) provides a screenshot application
> > (Menu/System Tools/Screenshot activated with the PrintScreen Key as well)
> > This launch a windows with:
> > - Region to capture (radio selection)
> > - Entire screen (selected by default)
> > - Active window
> > - Select a region
> > - Delay before capturing
> > - X seconds (default is 1)
> > - Capture mouse pointer
> > - Y/N (default Y)
> >
> > What I think needs to be done:
> > - Change the default for region to capture to "active window"
> > - Also
> > - hook into screenshot so that either
> > - when OK (or Enter key) is pressed
> > - the Save As dialog is replace by another one where you put the VM
> > name (and it goes into QubesIncoming in that VM, for Dom0 into
> > /home/user/screenshots)
> > - Dom0 Confirmation pop-up appear (same as usual copy/move file)
> > with a preview (TBC)?
> >OR - the Save As dialog has a kind of "network drive list" which is the
> > list of VMs that are running, and saving there save to QubesIncoming for
> > that VM. You have to prevent the create directory and other stuff probably.
> > Benefit is that it is probably re-usable for any Dom0 apps which use the
> > Save As window.
>
> OK for the impatient, this will send a screenshot of the current window to a
> VM (no selection of target VM for the moment):
>
> 1- Bind shortcut key:
> Click on: Menu/System Tools/Keyboard
> Click on: Application Shortcuts tab
> Click on Add
> Command: xfce4-screenshooter -w -o /usr/local/bin/screenshooter.sh
> Bind to Ctrl + Shift + PrintScreen (or whatever you want)
>
> 2- Create script that will copy the file to the target VM
> in Dom0 terminal
> sudo vi /usr/local/screenshooter.sh
>
> #!/bin/bash
> cat $1 qvm-run --pass-io "cat > /home/user/`echo $1 | awk -F'/'
> '{print $3}'`"
>
> where is the started VM that will receive the screenshot. You can
> obviously choose a path that user has write access to. You may want to clean
> the file that is save by default in /tmp by adding this line
> rm /tmp/`echo $1 | awk -F'/' '{print $3}'`"
>
> 3- Make the script executable
> sudo chmod a+x /usr/local/bin/screenshooter.sh
there is the qvm-screenshot-tool. Is that not enough?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/99833c61-b238-4f7b-9469-5a5078cd8fb3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Moving dom0 screenshots immediately to VMs
On Friday, 19 January 2018 17:52:41 UTC, Alex Dubois wrote:
> On Friday, 19 January 2018 12:05:36 UTC, Tom Zander wrote:
> > On Friday, 19 January 2018 12:48:27 CET wordswithn...@gmail.com wrote:
> > > Qubes already has built-in the capability to screenshot the entire desktop
> > > (Printscreen) or the current window (Ctrl+Printscreen).
> >
> > Yes, it does.
> >
> > But this is not something you should use and then send to a VM becuase that
> > VM then suddenly gets knowledge about all the other windows on screen that
> > may be from another VM.
>
> Default should prevent, but user should have choice.
>
> >
> > Imagine having your Vault VM window open with all your passwords and then
> > you auto-upload a screenshot of that into a compromised VM which then
> > causes
> > the screenshot to be uploaded to a server.
> >
> > I'm not aware of any way to avoid this data-leakage using the screenshot
> > application in dom0.
> > --
> > Tom Zander
> > Blog: https://zander.github.io
> > Vlog: https://vimeo.com/channels/tomscryptochannel
>
> XFCE (default Qubes Windows manager) provides a screenshot application
> (Menu/System Tools/Screenshot activated with the PrintScreen Key as well)
> This launch a windows with:
> - Region to capture (radio selection)
> - Entire screen (selected by default)
> - Active window
> - Select a region
> - Delay before capturing
> - X seconds (default is 1)
> - Capture mouse pointer
> - Y/N (default Y)
>
> What I think needs to be done:
> - Change the default for region to capture to "active window"
> - Also
> - hook into screenshot so that either
> - when OK (or Enter key) is pressed
> - the Save As dialog is replace by another one where you put the VM
> name (and it goes into QubesIncoming in that VM, for Dom0 into
> /home/user/screenshots)
> - Dom0 Confirmation pop-up appear (same as usual copy/move file) with
> a preview (TBC)?
>OR - the Save As dialog has a kind of "network drive list" which is the
> list of VMs that are running, and saving there save to QubesIncoming for that
> VM. You have to prevent the create directory and other stuff probably.
> Benefit is that it is probably re-usable for any Dom0 apps which use the Save
> As window.
OK for the impatient, this will send a screenshot of the current window to a VM
(no selection of target VM for the moment):
1- Bind shortcut key:
Click on: Menu/System Tools/Keyboard
Click on: Application Shortcuts tab
Click on Add
Command: xfce4-screenshooter -w -o /usr/local/bin/screenshooter.sh
Bind to Ctrl + Shift + PrintScreen (or whatever you want)
2- Create script that will copy the file to the target VM
in Dom0 terminal
sudo vi /usr/local/screenshooter.sh
#!/bin/bash
cat $1 qvm-run --pass-io "cat > /home/user/`echo $1 | awk -F'/'
'{print $3}'`"
where is the started VM that will receive the screenshot. You can
obviously choose a path that user has write access to. You may want to clean
the file that is save by default in /tmp by adding this line
rm /tmp/`echo $1 | awk -F'/' '{print $3}'`"
3- Make the script executable
sudo chmod a+x /usr/local/bin/screenshooter.sh
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/476d0c3b-7cff-4245-802f-a77815f15cbd%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Moving dom0 screenshots immediately to VMs
On Friday, 19 January 2018 12:05:36 UTC, Tom Zander wrote: > On Friday, 19 January 2018 12:48:27 CET wordswithn...@gmail.com wrote: > > Qubes already has built-in the capability to screenshot the entire desktop > > (Printscreen) or the current window (Ctrl+Printscreen). > > Yes, it does. > > But this is not something you should use and then send to a VM becuase that > VM then suddenly gets knowledge about all the other windows on screen that > may be from another VM. Default should prevent, but user should have choice. > > Imagine having your Vault VM window open with all your passwords and then > you auto-upload a screenshot of that into a compromised VM which then causes > the screenshot to be uploaded to a server. > > I'm not aware of any way to avoid this data-leakage using the screenshot > application in dom0. > -- > Tom Zander > Blog: https://zander.github.io > Vlog: https://vimeo.com/channels/tomscryptochannel XFCE (default Qubes Windows manager) provides a screenshot application (Menu/System Tools/Screenshot activated with the PrintScreen Key as well) This launch a windows with: - Region to capture (radio selection) - Entire screen (selected by default) - Active window - Select a region - Delay before capturing - X seconds (default is 1) - Capture mouse pointer - Y/N (default Y) What I think needs to be done: - Change the default for region to capture to "active window" - Also - hook into screenshot so that either - when OK (or Enter key) is pressed - the Save As dialog is replace by another one where you put the VM name (and it goes into QubesIncoming in that VM, for Dom0 into /home/user/screenshots) - Dom0 Confirmation pop-up appear (same as usual copy/move file) with a preview (TBC)? OR - the Save As dialog has a kind of "network drive list" which is the list of VMs that are running, and saving there save to QubesIncoming for that VM. You have to prevent the create directory and other stuff probably. Benefit is that it is probably re-usable for any Dom0 apps which use the Save As window. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/debe5877-ca0e-4d90-a4d4-f637f82c395d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Moving dom0 screenshots immediately to VMs
On Friday, 19 January 2018 12:48:27 CET wordswithn...@gmail.com wrote: > Qubes already has built-in the capability to screenshot the entire desktop > (Printscreen) or the current window (Ctrl+Printscreen). Yes, it does. But this is not something you should use and then send to a VM becuase that VM then suddenly gets knowledge about all the other windows on screen that may be from another VM. Imagine having your Vault VM window open with all your passwords and then you auto-upload a screenshot of that into a compromised VM which then causes the screenshot to be uploaded to a server. I'm not aware of any way to avoid this data-leakage using the screenshot application in dom0. -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/10316388.tD1Ru9rIBq%40mail. For more options, visit https://groups.google.com/d/optout.
