On Tue, Jan 5, 2021, 11:04 PM pillule <[email protected]> wrote:

> Hello,
>
> I wonder how you manage your computing life with the problem of
> the clipboard / file sharing.
>
> I guess most of us cheat these rules sometimes;
> if one deploys post-installation scripts in dom0,
> or takes notes in a vault and wants to copy in that URL,
> or maybe wants to take that snippet into that template ...
>
> I am curious to know how you think about it.

My take on it is to weigh the risk. For instance, I have a 'Purchasing' VM and an Internet VM. I'll do all my searching of what I want to buy in the Internet VM and then copy the specific URL over to the Purchasing VM, rather than using the Purchasing VM to peruse the internet. I feel there is much more likelihood of picking up malware by visiting random internet sites than if I copy and paste a single URL from a site whose URL I have already inspected. I'll do the same kind of checks when moving receipts and data from Purchasing to my Banking VM.

For the really paranoid, you can create a dvm text editor and paste the URL/text data there for inspection before finally copying it to the real destination VM.

If the theoretical copy buffer attack is against Qubes itself, I may still be screwed, but that would have to be done by an adversary that both knows what site I will be visiting and also knows in advance that I use Qubes. We are talking Nation State adversary, who clearly already knows an awful lot about me. At that level of the game it's only a matter of time, since clearly I am already a defined target of theirs. Pulling the plug would be the only effective defence at that point.

So, weigh the risks and take precautions where possible. Always try to double check what you are copying/moving across VMs and be appropriately paranoid when moving data to a higher security domain.
