Re: [qubes-users] Re: Opening links in your preferred AppVM
On Monday, August 21, 2017 at 11:14:15 AM UTC-4, John Maher wrote: > On Tuesday, May 2, 2017 at 1:14:47 PM UTC-4, Gaiko wrote: > > Thanks for the reply! > > > > > > my ~/.local/share/applications/mimeapps.list is a bit different than yours, > > really I was most interested in it handling http/https > > > > > > [Default Applications] > > text/html=open_work_vm.desktop > > x-scheme-handler/http=open_work_vm.desktop > > x-scheme-handler/https=open_work_vm.desktop > > x-scheme-handler/about=open_work_vm.desktop > > x-scheme-handler/unknown=open_work_vm.desktop > > > > > > I tried just copying/pasting yours into mine (just for kicks) but that > > didn't work either :( > > > > > > > > > > > > > > On Tue, May 2, 2017 at 4:36 AM, wrote: > > Gaiko[2017-05-02 03:36 +0200]: > > > > > > What happens if you run `qvm-open-in-vm work https://qubes-os.org` in > > > > > > tbirdVM > > > > > > > > > > it seems to work just fine that way > > > > > > > > > > > and when you run xdg-open https://qubes-os.org in the work VM > > > > > > (without the quotes)? > > > > > > > > > > ok, xdg-open I hadn't tried. But regardless this seems to work fine as > > > well. > > > > > > > > Good! That means qvm-open-in-vm (sending the link to the work VM and > > > > telling it to open it) and opening it internally in the work VM > > > > works as intended. > > > > > > > > What does ~/.local/share/applications/mimeapps.list in tbird look like? > > > > It should look like this (from the mentioned how-to): > > > > > > > > [Default Applications] > > > > x-scheme-handler/unknown=open_work_vm.desktop > > > > x-scheme-handler/about=open_work_vm.desktop > > > > x-scheme-handler/http=open_work_vm.desktop > > > > x-scheme-handler/https=open_work_vm.desktop > > > > text/html=open_work_vm.desktop > > > > text/xml=open_work_vm.desktop > > > > image/gif=open_work_vm.desktop > > > > image/jpeg=open_work_vm.desktop > > > > image/png=open_work_vm.desktop > > > > application/xhtml+xml=open_work_vm.desktop > > > > application/xml=open_work_vm.desktop > > > > application/vnd.mozilla.xul+xml=open_work_vm.desktop > > > > application/rss+xml=open_work_vm.desktop > > > > application/rdf+xml=open_work_vm.desktop > > > > > > > > Remove the lines for any MIME types you don't want to open with your > > > > work VM. > > > > > > > > -- > > > > ubestemt > > Gaiko, did you get this to work? I have the exact same experience. And > placing the files in /usr/share/applications did not help. > > When running "desktop-file-validate browser_vm.desktop" from ~/. I get "file > does not exist". From ~/.local/share/applications I get 'browser_vm.desktop: > warning: key "Encoding" in group "Desktop Entry" is deprecated', similar to > you. > > Thanks. > John Well, I got this to work mostly as desired. Turns out that even after running "xdg-settings set default-web-browser browser_vm.desktop" (and confirmed with "xdg-settings get default-web-browser"), I had to remove all .desktop files in the working VM (not the browser VM) related to Chrome and Firefox. That included files located in ~/.local/share/applications and in /usr/share/applications. Unfortunately, I really want to use Firefox in the browser VM, but only Chrome will launch. Still working on addressing that. John -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9bc3c2b2-32f4-45c7-b1d9-8f9a6e809f76%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Opening links in your preferred AppVM
On Tuesday, May 2, 2017 at 1:14:47 PM UTC-4, Gaiko wrote: > Thanks for the reply! > > > my ~/.local/share/applications/mimeapps.list is a bit different than yours, > really I was most interested in it handling http/https > > > [Default Applications] > text/html=open_work_vm.desktop > x-scheme-handler/http=open_work_vm.desktop > x-scheme-handler/https=open_work_vm.desktop > x-scheme-handler/about=open_work_vm.desktop > x-scheme-handler/unknown=open_work_vm.desktop > > > I tried just copying/pasting yours into mine (just for kicks) but that didn't > work either :( > > > > > > > On Tue, May 2, 2017 at 4:36 AM, wrote: > Gaiko[2017-05-02 03:36 +0200]: > > > > What happens if you run `qvm-open-in-vm work https://qubes-os.org` in > > > > tbirdVM > > > > > > it seems to work just fine that way > > > > > > > and when you run xdg-open https://qubes-os.org in the work VM > > > > (without the quotes)? > > > > > > ok, xdg-open I hadn't tried. But regardless this seems to work fine as well. > > > > Good! That means qvm-open-in-vm (sending the link to the work VM and > > telling it to open it) and opening it internally in the work VM > > works as intended. > > > > What does ~/.local/share/applications/mimeapps.list in tbird look like? > > It should look like this (from the mentioned how-to): > > > > [Default Applications] > > x-scheme-handler/unknown=open_work_vm.desktop > > x-scheme-handler/about=open_work_vm.desktop > > x-scheme-handler/http=open_work_vm.desktop > > x-scheme-handler/https=open_work_vm.desktop > > text/html=open_work_vm.desktop > > text/xml=open_work_vm.desktop > > image/gif=open_work_vm.desktop > > image/jpeg=open_work_vm.desktop > > image/png=open_work_vm.desktop > > application/xhtml+xml=open_work_vm.desktop > > application/xml=open_work_vm.desktop > > application/vnd.mozilla.xul+xml=open_work_vm.desktop > > application/rss+xml=open_work_vm.desktop > > application/rdf+xml=open_work_vm.desktop > > > > Remove the lines for any MIME types you don't want to open with your > > work VM. > > > > -- > > ubestemt Gaiko, did you get this to work? I have the exact same experience. And placing the files in /usr/share/applications did not help. When running "desktop-file-validate browser_vm.desktop" from ~/. I get "file does not exist". From ~/.local/share/applications I get 'browser_vm.desktop: warning: key "Encoding" in group "Desktop Entry" is deprecated', similar to you. Thanks. John -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/80c01987-e9a2-457c-9e14-69e26ff35f19%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Opening links in your preferred AppVM
I'm thinking an attacker could: 1 Take control of the VM through any given means, and gain the ability to edit the .desktop file 2 Alter the desktop file so that it opens a malware URL in the VM dedicated to web browsing 3 Send information from the Thunderbird VM to the less-trusted web browsing VM via coding in the URL The weakness is you're giving a persistent, user-editable file permission to control another VM - and the Qubes messaging service doesn't tell you exactly what action you are approving, and might even be set to "Yes to All" allowing transparent control by malware. If you DON'T set "Yes to All", then you are queried every time you open a webpage, and if you don't read every approval carefully an attacker could force a third, higher-trust VM to open a malware URL. Your suggestion re: /usr/share/applications is good though, I think that would mitigate some of the risk. On Wed, May 3, 2017 at 4:41 AM, wrote: > wordswithn...@gmail.com[2017-05-02 17:07 > +0200]: > > Any thoughts (Micah or the community), on whether this creates an > > avenue for persistent compromise of a VM? > > > > Maybe there's a way to make this change persistent from the > > TemplateVM, eg store the .desktop file outside /home and create a > > symlink in to it? > > > > I'm a little wary of adding a handler for http/https links that > > resides in /home. > > You can move both the *.desktop file(s) and mimeapps.list to > /usr/share/applications/ > > But I don't see how this measure alone will make your VMs more or less > secure. > > -- > ubestemt > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABtR2JJ%2BWQyN%2BctwigvA4cGmALZZuqRf9V3JZD3Tija-Qus0Gw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Opening links in your preferred AppVM
wordswithn...@gmail.com[2017-05-02 17:07 +0200]: > Any thoughts (Micah or the community), on whether this creates an > avenue for persistent compromise of a VM? > > Maybe there's a way to make this change persistent from the > TemplateVM, eg store the .desktop file outside /home and create a > symlink in to it? > > I'm a little wary of adding a handler for http/https links that > resides in /home. You can move both the *.desktop file(s) and mimeapps.list to /usr/share/applications/ But I don't see how this measure alone will make your VMs more or less secure. -- ubestemt -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170503084155.uvdzja56gybet3pc%40bestemt.no. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Opening links in your preferred AppVM
Thanks for the reply! my ~/.local/share/applications/mimeapps.list is a bit different than yours, really I was most interested in it handling http/https [Default Applications] text/html=open_work_vm.desktop x-scheme-handler/http=open_work_vm.desktop x-scheme-handler/https=open_work_vm.desktop x-scheme-handler/about=open_work_vm.desktop x-scheme-handler/unknown=open_work_vm.desktop I tried just copying/pasting yours into mine (just for kicks) but that didn't work either :( On Tue, May 2, 2017 at 4:36 AM, wrote: > Gaiko[2017-05-02 03:36 +0200]: > > > What happens if you run `qvm-open-in-vm work https://qubes-os.org` in > > > tbirdVM > > > > it seems to work just fine that way > > > > > and when you run xdg-open https://qubes-os.org in the work VM > > > (without the quotes)? > > > > ok, xdg-open I hadn't tried. But regardless this seems to work fine as > well. > > Good! That means qvm-open-in-vm (sending the link to the work VM and > telling it to open it) and opening it internally in the work VM > works as intended. > > What does ~/.local/share/applications/mimeapps.list in tbird look like? > It should look like this (from the mentioned how-to): > > [Default Applications] > x-scheme-handler/unknown=open_work_vm.desktop > x-scheme-handler/about=open_work_vm.desktop > x-scheme-handler/http=open_work_vm.desktop > x-scheme-handler/https=open_work_vm.desktop > text/html=open_work_vm.desktop > text/xml=open_work_vm.desktop > image/gif=open_work_vm.desktop > image/jpeg=open_work_vm.desktop > image/png=open_work_vm.desktop > application/xhtml+xml=open_work_vm.desktop > application/xml=open_work_vm.desktop > application/vnd.mozilla.xul+xml=open_work_vm.desktop > application/rss+xml=open_work_vm.desktop > application/rdf+xml=open_work_vm.desktop > > Remove the lines for any MIME types you don't want to open with your > work VM. > > -- > ubestemt > -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAGpWZxNW_CS6qAgHBvya3xVPUz418DX2rq4Dp06QUtsxcSH%2BYQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Opening links in your preferred AppVM
Gaiko[2017-05-02 03:36 +0200]: > > What happens if you run `qvm-open-in-vm work https://qubes-os.org` in > > tbirdVM > > it seems to work just fine that way > > > and when you run xdg-open https://qubes-os.org in the work VM > > (without the quotes)? > > ok, xdg-open I hadn't tried. But regardless this seems to work fine as well. Good! That means qvm-open-in-vm (sending the link to the work VM and telling it to open it) and opening it internally in the work VM works as intended. What does ~/.local/share/applications/mimeapps.list in tbird look like? It should look like this (from the mentioned how-to): [Default Applications] x-scheme-handler/unknown=open_work_vm.desktop x-scheme-handler/about=open_work_vm.desktop x-scheme-handler/http=open_work_vm.desktop x-scheme-handler/https=open_work_vm.desktop text/html=open_work_vm.desktop text/xml=open_work_vm.desktop image/gif=open_work_vm.desktop image/jpeg=open_work_vm.desktop image/png=open_work_vm.desktop application/xhtml+xml=open_work_vm.desktop application/xml=open_work_vm.desktop application/vnd.mozilla.xul+xml=open_work_vm.desktop application/rss+xml=open_work_vm.desktop application/rdf+xml=open_work_vm.desktop Remove the lines for any MIME types you don't want to open with your work VM. -- ubestemt -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170502083645.vmx5y22htyf2xxhu%40bestemt.no. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Opening links in your preferred AppVM
On 2017-05-01 at 18:32 -0700, Gaiko wrote: > On Monday, May 1, 2017 at 6:40:40 PM UTC-4, Ángel wrote: > > On 2017-05-01 at 12:34 -0700, Gaiko wrote: > > > Thoughts? > > > > Does your desktop file validate? > > ie. run: desktop-file-validate open_work_vm.desktop > > > > If the desktop file is malformed, it will be bypassed silently. > > Thx for the reponse, I had no idea about desktop-file-validation. I tried it > and got: > > open_work_vm.desktop: warning: key "Encoding" in group "Desktop Entry" is > deprecated > > somehow that doesn't seem like a dealbreaker? but am not sure. No, if it only reports that it should be fine. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1493689095.4874.0.camel%4016bits.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Opening links in your preferred AppVM
On Monday, May 1, 2017 at 4:37:37 PM UTC-4, u+q...@bestemt.no wrote: > Gaiko [2017-05-01 21:34 +0200]: > > On Wednesday, June 22, 2016 at 2:38:22 PM UTC-4, Micah Lee wrote: > > > I published a quick blog post explaining how I do this: > > > > > > https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/ > > > > This would be awesome, I gave it a try but for some reason can't seem to > > get it to work, that is getting a link from an email in tbird to open up in > > a browser in my work vm. > > > > I created an ~/.local/share/applications/open_work_vm.desktop > > > > edited the exec line: > > > > [Desktop Entry] > > Encoding=UTF-8 > > Name=WorkBrowserVM > > Exec=qvm-open-in-vm work %u > > Terminal=false > > X-MultipleArgs=false > > Type=Application > > Categories=Network;WebBrowser; > > MimeType=x-scheme-handler/unknown;x-scheme-handler/about;text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https; > > > > ran xdg-settings: > > > > xdg-settings set default-web-browser open_work_vm.desktop > > > > (it created a mimeapps.list file) then tried it, nada. > > > > I tried restarting the browser, then the tbirdVM, then the workvm, each > > time clicking on the link in the email in tbird and hoping the default > > browser (firefox) would pop up in my workVM. Instead nothing happened, the > > workVM didn't start up, firefox didn't open up (when I pre-started the work > > vm), and a tab didn't pop up when the workvm and ff were both pre-started. > > > > I would really like to get this working for a variety of reasons, actually > > the absolute best would be to click on a link in tbird (or right click in a > > browser) and have a menu that gave a few options of where I'd like to open > > a page up like in a dispvm, anonvm, or just another regular appvm. > > > > Thoughts? > I will reply to your comments and then go read your how-to (i fear it might be over my head as I am an absolute desktop/qvm-open-in-vm noob but I am sure it will be a good start!) > What happens if you run `qvm-open-in-vm work https://qubes-os.org` in > tbirdVM it seems to work just fine that way > and when you run xdg-open https://qubes-os.org in the work VM > (without the quotes)? ok, xdg-open I hadn't tried. But regardless this seems to work fine as well. > > I actually just finished a how-to on setting default applications and > qvm-open-in-(d)vm: > https://github.com/QubesOS/qubes-doc/pull/379/files?short_path=83ca4e2#diff-83ca4e28de9bcee331783522a52c2bd0 > (Any comments would be appreciated.) > > -- > ubestemt wil check it out! -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/3a5da29d-61ad-4d27-96c2-8f7bffe13396%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Opening links in your preferred AppVM
On 2017-05-01 at 12:34 -0700, Gaiko wrote: > Thoughts? Does your desktop file validate? ie. run: desktop-file-validate open_work_vm.desktop If the desktop file is malformed, it will be bypassed silently. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1493678423.908.12.camel%4016bits.net. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Opening links in your preferred AppVM
Gaiko[2017-05-01 21:34 +0200]: > On Wednesday, June 22, 2016 at 2:38:22 PM UTC-4, Micah Lee wrote: > > I published a quick blog post explaining how I do this: > > > > https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/ > > This would be awesome, I gave it a try but for some reason can't seem to get > it to work, that is getting a link from an email in tbird to open up in a > browser in my work vm. > > I created an ~/.local/share/applications/open_work_vm.desktop > > edited the exec line: > > [Desktop Entry] > Encoding=UTF-8 > Name=WorkBrowserVM > Exec=qvm-open-in-vm work %u > Terminal=false > X-MultipleArgs=false > Type=Application > Categories=Network;WebBrowser; > MimeType=x-scheme-handler/unknown;x-scheme-handler/about;text/html;text/xml;application/xhtml+xml;application/xml;application/vnd.mozilla.xul+xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https; > > ran xdg-settings: > > xdg-settings set default-web-browser open_work_vm.desktop > > (it created a mimeapps.list file) then tried it, nada. > > I tried restarting the browser, then the tbirdVM, then the workvm, each time > clicking on the link in the email in tbird and hoping the default browser > (firefox) would pop up in my workVM. Instead nothing happened, the workVM > didn't start up, firefox didn't open up (when I pre-started the work vm), and > a tab didn't pop up when the workvm and ff were both pre-started. > > I would really like to get this working for a variety of reasons, actually > the absolute best would be to click on a link in tbird (or right click in a > browser) and have a menu that gave a few options of where I'd like to open a > page up like in a dispvm, anonvm, or just another regular appvm. > > Thoughts? What happens if you run `qvm-open-in-vm work https://qubes-os.org` in tbirdVM and when you run xdg-open https://qubes-os.org in the work VM (without the quotes)? I actually just finished a how-to on setting default applications and qvm-open-in-(d)vm: https://github.com/QubesOS/qubes-doc/pull/379/files?short_path=83ca4e2#diff-83ca4e28de9bcee331783522a52c2bd0 (Any comments would be appreciated.) -- ubestemt -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20170501203516.7g4j6dugiioq7afz%40bestemt.no. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Opening links in your preferred AppVM
On Thu, Jun 23, 2016 at 2:51 AM,wrote: > On Wednesday, June 22, 2016 at 2:38:22 PM UTC-4, Micah Lee wrote: > > I published a quick blog post explaining how I do this: > > > > > https://micahflee.com/2016/06/qubes-tip-opening-links-in-your-preferred-appvm/ > > cool! thanks! > Nice and simple. Thanks for sharing. Alex -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAEe-%3DTekQ-VZMZ-CfSSyjRYjgvyeWJjkYV0ZG7kUbj2vHKkMbQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.