Re: [virt-tools] Feature Request - Secure clipboard

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2015-04-27 10:35, Uri Lublin wrote:
On 04/27/2015 11:38 AM, Frediano Ziglio wrote:

A secure clipboard is nice to have becuase there's no tradeoff between convenience and safety. A vm can read the global clipboard only when you want it. The Xen based Qubes has it and I don't see why KVM's spice and
libvirt can't. Here is how they did it:


slide 10 from

https://events.linuxfoundation.org/sites/events/files/slides/LinuxCon_2014_Qubes_Tutorial.pdf

Challenge: copy clipboard from VM “Alice” to VM “Bob”, don’t let VM
“Mallory” to learn
its content in the meantime

Solved by introducing Qubes “global clipboard” to/from which copy/paste is
explicitly
controlled by the user (Ctrl-Shift-C, Ctrl-Shift-V)

Requires 4 stages:
Ctrl-C (in the source VM)
Ctrl-Shift-C (tells Qubes: copy this VM buffer into global clipboard)
Ctrl-Shift-V (in the destination VM: tells Qubes: make global clipboard
available to this VM)
Ctrl-V (in the destination VM)
Ctrl-Shift-C/V cannot be injected by VMs (unspoofable key combo).

In practice almost as fast as traditional 2-stage copy-paste (don’t freak
out! ;)

Thanks for suggesting that.


Thanks for your interest.



More technical explanation

https://www.qubes-os.org/doc/CopyPaste/

Would not easier for user and for us to implement just Ctrl-Shift-C/V ?

Frediano, I'm not following what you suggest here.
Do you mean implement just one operation of the two ?

Today we have two-stage copy/paste support: following steps 1 and 4
above. Note that those steps involve applications on
the guest.
Steps 2,3 are done automatically when clipboard operation is requested.

The suggestion is to do steps 2,3  only upon specific request.

The idea is:
- spice client see the Ctrl-Shift-C
- spice send a command to agent
- agent inject a Ctrl-C to copy to guest clipboard
- agent detect new clipboard and copy to global one (as it knows was a Ctrl-Shift-C) Or could be implemented by spice client instead of the agent (just having a vm clipboard copied from the agent and a global one)

Thanks,
    Uri.

The same concept can be applied to file drag n' drop feature in spice for safe interVM and guest-host file copying. Its too early to mention but it can help in the planning phase to make a generic solution for other data

and not just text.

Spice already has a drag and drop implementation of its own so I'm citing qubes design docs about secure filecopy out of interest not relevance. The architecture is different and relies on shared intervm memory and converting the data into a cpio-like format. Similar to xen shared memory is the KVM device ivshmem.

https://www.qubes-os.org/doc/Qfilecopy/

https://www.qubes-os.org/doc/CopyingFiles/
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]