Re: [qubes-users] Looking for the 'alt+space+f' (fullscreen) command - Purpose is to place a new keybind

[Matteo]

> Does anyone know the 'alt+space+f'(fullscreen) command, or where to find it? Or are there none available in /bin /usr/bin or similar?

i think that you have to press that keys on the keyboard, is not a
terminal command (in fact you can't find in /usr/bin)

if you press alt+space bar a menu should pop up, the same menu can be
seen by clicking in the title bar of the window, from there you can see
maximize, minimize, close, and probably also fullscreen that can be
quickly selected with f.

note that qubes by default doesn't allow fullscreen, unless you enable
it. also usually websites and programs have a easily accessible
fullscreeen button (youtube).

but i'm not sure about what you want to do.
hope it helps

[Yuraeitha]

In Qubes 4 I never had to enable it btw, oddly, it just works.

I've solved the problem since posting, I was looking the entirely wrong place all along, but new ideas for clues came along after I had posted. So I deleted the topic since it had no views/posts at the time anyway and was resolved. But it seems it wasn't deleted after all x) But thinking it over again, perhaps this can help others looking to solve this too.

I've found two methods to solve it, although the second is only half solved. It was a bit like treasure hunting, here's the results.

1'st approach:
wmctrl -r :ACTIVE: -b toggle,fullscreen
If this is written in dom0 terminal, or any AppVM terminal, then the window will go fullscreen. This is the one one may want if keybinding, and pressing an active keybind while another window of choice is active. Write a .sh script file in dom0, and save the command. Then it's just a matter of using dom0 keybinding to activate it. Which gives much more flexibility to alt+space+f, for example changing it to alt+f or numpad at the other side of the room for remote pre-configured controls, i.e. using Qubes as a large screen on a distance. It has many uses, just use ones own imagination to find one. Also I believe this is the command Qubes uses internally when pressing alt+space+f, but I did not manage to confirm that. Also another variant is to use;
wmctrl -r :SELECT: -b toggle,fullscreen
This variant essentially turns ones mouse into a click to fullscreen whichever window one may pick with the mouse. One can still keyboard alt+tab between windows, without loosing the pointer to click, if the window is buried under the other windows. But for keybinding purposes, the ACTIVE variant is better suited than SELECT, at least for my own needs.

2'nd approach:
This is only half solving the problem, but simply writing in dom0, 'xdotool key alt+space' will bring up the XFWM4 popup menu, though I did not find a way to "chain it" to then select the last key, "f". But since I had the above solution already, I did not venture deeper to solve it, it needs the last step if anyone wants to use this approach. I'm personally content with the 1st approach though, it solves everything for my own needs.


On the security side of things, then dom0 controlled fullscreen "should" be fine, for as long it stays in the control of dom0, and not the VM. If the VM can change the fullscreen, it's my understanding it can exploit the user in social hacking. But if you control which VM has access to fullscreen, then you can also limit this issue, and are less likely to fall victim. That's my understanding, it may be I misunderstood the attack vector, but I think its correctly understood. The reason full-screen is bad, as I've understood it, is that social hacking can happen when you least expect it, so if you manually enter fullscreen, for a VM with limited and locked-down purposes, i.e. heavily firewalled with one of few purposes to the internet, then you're much less likely to fall victim to screen social hacks. Do feel free to correct me if I'm wrong about that, though, I don't think the security is any different than using alt+space+f, since it's essentially the same thing, and also controlled from dom0.

[Yuraeitha]

"or any AppVM terminal" scratch those 4 words out, I don't know why I wrote these, when its neither feasible nor secure to do it inside an AppVM <.< but it of course only works in dom0 terminal from a technical/practical perspective too.

[Yuraeitha]

On Sunday, February 11, 2018 at 9:51:56 AM UTC+1, Yuraeitha wrote:

Just got a new idea to solve the 2nd approach of the two to archive the same result (ironically after I posted the above, this seems to be a theme laltely >.<). But now both approaches works, whichever one prefers over the other.

write a .sh script and put in;
xdotool key space+alt
xdotool key f

That's it, it was surprisingly simple to fix, it works smoothly like wmctrl does too.

If anyone wants to do this themselves, then remember to change executable and owner if you accidentally wrote it in sudo for root ownership of the file you put in the home folder.

sudo chown your-username '/path-to-script.sh'
chmod +x '/path-to-script.sh'

Then keybind your script, but remember XFCE4 keybinding cannot do $HOME or ~/, so you need to write your full username in the keybind if you keep it anywhere in your home folder.

Also to answer your question about the purpose of this, is to get full veiw for videos or similar needs where a fullscreen improves emergence and experience of content. For example if having an AppVM for YouTube, Live TV, and other things like this, getting a full-screen improves quality, especially if the window colour is hideously standing out in contrast, although one can reduce this by making it black or whatever colour the screen-frame has. But changing window colour isn't a good solution, especially if you got a special video format which gets lowered in size a lot, even if just loosing a bit of the screen to the window-manager.

Generally too, if you only use fullscreen for video content, then the amount of social hacking that can be done is rather minuscule, if not impossible to pull off. If you leave fullscreen when not watching videos, then it should not be able to trick you. If I did not misunderstand anything, then there is no security risk under such circumstances, as long one does not click any random popup's or anything.

I'm not sure if an attack can reach dom0 or other VM's through fullscreen though, but it's not the feeling I got when reading the guides. If this is indeed possible, then fullscreen is a whole lot more scary indeed. But is that really possible? and if true, then it should probably be better explained so no one overlooks this nerdy, but crucial important detail to fullscreen security.

[donoban]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Have you tried 'alt+F11' on XFCE?

It's default hotkey in XFCE for fullscreen and you can modify it using
configuration editor.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAlqAFlcACgkQFBMQ2OPt
CKXVORAAn/Y8CO2whwLHDAZhSr/1dPpk4aWvS6elpcEA8eO1ahfPOCLVrchbye0I
4BN42XHfUEDfzzquiYu57nO0k6KoNWrvaoe4DlywaQ1ZC38mPEPpu0CGrknxGoLY
EWMiWHL3pMEflZPzUEJXFYAbgHEsWOyihaLkv8ofKHWxIhnMkTEmqwwxIiW0TCdo
hFuejDuSTWC4z+aBOwGHOs9y7wlzo4FknJpEL3FOA4A4qDQZmGHzuKjDqi09h1Ac
anuGOL8Y0eYt/fhJjeOhLsKpv1oaEDDs8pHHted3385U6OSdjlPeVHN4GgAOdNxu
GcsfMdPWBZgNUj9pZTIJlXOSTlqwpExU/ateBOKMbauATeZ7iGIXO6XsM3kT1Uvw
ss/AIEQ3qkXlcueOO6XsCpY+AiOmoNJ/p7CVn58TBBW42w/3x4XLXTwLOK8scnLn
/2Yw/chFWlzLsTozFZC84ARtUHo0Sb3z/FqeQocc+77QCxgNhYfm/WCig6crcCLV
LFF8n4pZY8mOPQEwEQWjoJADH1mcU0OcJA7cqQkYAms4w8xIcPH4/iIHN3x4FK5j
XqQTQ7QdBVCdAkP/ssntQS4lQzn8XKKK9Vlo1bk0oFKMPASJScN/O8ZzYi5EtJDW
BLrornMjWqf+5YD8TAd/OJfB42oY2bWUyWp384i8EBQc1dm/FVQ=
=7znw
-----END PGP SIGNATURE-----

[Yuraeitha]

I didn't know alt+f11 could do that too, definitely good to know.

I've already found a fix btw, I'm not sure if you read my post above or is just providing extra info. I apologize if I wrote a bit too much to make it a TL:DR, I understand if so. I'll put a TL:DR version below.

(Must be scripted and keybinded to work something else than the terminal).

wmctrl -r :ACTIVE: -b toggle,fullscreen

or

(Must be scripted together to chain both commands and keybinded to use on a focused window).

xdotool key space+alt
xdotool key f

Both will do exactly what alt+space+f or alt+f11, but usefulness is that it can be keybinded to whichever keybind, in particular useful if not having a keyboard available or if seeking easier keybind choices, whatever ones needs may be.

[Yuraeitha]

@Matteo

On Sunday, February 11, 2018 at 9:18:16 AM UTC+1, Matteo wrote:

Your words about security kept nagging at me on repeat, so I had a second look at what is written about the security topic of fullscreen. It's slightly different from what I remember, but it doesn't seem like it can expose dom0 and other VM's still though, but may still be harmful indeed.

Quote:
"Why is full screen mode potentially dangerous?
If one allowed one of the VMs to “own” the full screen, e.g. to show a movie on a full screen, it might not be possible for the user to know if the applications/VM really “released” the full screen, or if it has started emulating the whole desktop and is pretending to be the trusted Window Manager, drawing shapes on the screen that look e.g. like other windows, belonging to other domains (e.g. to trick the user into entering a secret passphrase into a window that looks like belonging to some trusted domain)." /quote-end.

It looks like fullscreen can't do "attacks" on dom0 and other VM's, but it can do something like keylogging, just visually from the screen instead, perhaps something akin to taking frequent light sized screenshots and then sending the screenshots over the internet.

But this is supposedly only a problem if fullscreen can be executed from within the VM itself, so as long as the "controls" for fullscreen remains in a secure domain, such as dom0 keybinds, it should remain safe, as the moment you use dom0 to stop fullscreen, the VM has no means to keep up its attack to keylog screenshots. I suppose that's what is meant by these words, maybe there is more to it. But it seems quite harmful if you don't mind an attacker knowing what movies you are watching, and even then, in this case it probably makes no difference if using fullscreen or not anyhow, as the non-fullscreen can be keylogged as well. So I suppose, as long you don't do anything in other windows, that has sensitive information, while you use fullscreen, we're safe.

Unless I've misunderstood something?

[Yuraeitha]

One example of usefulness is taking Qubes and turn it into a SmartTV. While Qubes isn't designed for this, in this age with screens having microphones and webcames, voice control, and what not, I do prefer to simply make sure SmartTV's have no internet access, and then install a secure OS like Qubes OS on a small computer. This is what I helped do for my friend and why I was looking for this command.

Essentially most controls is done with a mouse and a remote keypad. Keyboard is kept hidden away unless needed for updates and so on. But the idea is to easy put Streaming videos on fullscreen, in order to use Qubes as a secure SmartTV.

The keybind can be useful elsewhere I'm sure, it's just about being creative. Also now that I have the command available, I changed it to a more convenient key on my own Qubes system now that I had the command available.

[awokd]

On Sun, February 11, 2018 12:01 pm, Yuraeitha wrote:

> Quote:
> "Why is full screen mode potentially dangerous?
> If one allowed one of the VMs to “own” the full screen, e.g. to show a
> movie on a full screen, it might not be possible for the user to know if
> the applications/VM really “released” the full screen, or if it has
> started emulating the whole desktop and is pretending to be the trusted
> Window Manager, drawing shapes on the screen that look e.g. like other
> windows, belonging to other domains (e.g. to trick the user into entering
> a secret passphrase into a window that looks like belonging to some
> trusted domain)." /quote-end.

I think this is saying that when you run an application full screen, it
could pretend to act like Qubes and draw fake applications to trick you
into thinking you weren't running the application any more, but your
desktop.

It shouldn't have any access to other windows though, even in full screen.

[Yuraeitha]

@awokd

Indeed, it seems like this must be the case. If so, it seems to be a case where an attacker needs to fill in potentially lacking information to pull off an attack on the screen, in order to social engineer and trick people into typing sensitive information on the screen in a fake window.

Still though, this is completely undone if the control of the screen is taken back by dom0. So it should be impossible to do this once fullscreen is withdrawn, which usually happens when a person stops watching a movie or stream.

- I suppose it can still be harmful if alt+tab out of fullscreen without stopping fullscreen.
- or if a legit popup of whatever kind appears and a person forgets about the fullscreen in the background and leaves it running.
- or if multiple of monitors, and its fullscreen on one of them, can it then reach the other monitors?

But is it really like this though? How does it work here, does a fullscreen still have control of the fullscreen if it's put in the background behind other non-fullscreen windows? In this case, if true, it would give an attacker the ability to control the screen and make whatever appear on it, even if it's in the background or maybe even if on another screen while working on a second screen. Would an attacker be able to make changes to the work screen which isn't in fullscreen mode?

But I suppose whichever case it is, it hardly matters if a person always remembers to take back fullscreen with action from dom0, so that the AppVM looses its ability irregardless of what kind of attack is going on in the AppVM.

But it would be interesting to know if a fullscreen window can keep drawing pixels on the screen, even if it's for whatever odd reason has been put in the background etc. while still in fullscreen mode.

[Matteo]

> It looks like fullscreen can't do "attacks" on dom0 and other VM's,
but it can do something like keylogging, just visually from the screen
instead, perhaps something akin to taking frequent light sized
screenshots and then sending the screenshots over the internet.

This is possible both if the VM is in full screen mode or "small/normal"
mode. The vm can also key log the keyboard but only for keys sent to
that vm (so only while it is focused).
(while on a normal pc the kwylogger would be for the whole pc, here an
infected vm can keylog itself).

> But this is supposedly only a problem if fullscreen can be executed
from within the VM itself, so as long as the "controls" for fullscreen
remains in a secure domain, such as dom0 keybinds, it should remain
safe, as the moment you use dom0 to stop fullscreen, the VM has no
means to keep up its attack to keylog screenshots. I suppose that's what
is meant by these words, maybe there is more to it. But it seems quite
harmful if you don't mind an attacker knowing what movies you are
watching, and even then, in this case it probably makes no difference if
using fullscreen or not anyhow, as the non-fullscreen can be keylogged
as well. So I suppose, as long you don't do anything in other windows,
that has sensitive information, while you use fullscreen, we're safe.
>
> Unless I've misunderstood something?
>

The vm can go fullscreen if you allow it from vm permissions, (just
click youtube fullscreen button).

The problem is NOT if a vm can keylog (byscreenshot or by keyboard), if
you open a virus a vm can keylog in both ways both if is fullscreen or not.

the problem is HOW do you know in which vm you are?
if you are not in fullscreen mode is as easy as watch the window title.
but if is in fullscreen mode you can't tell where you are.
and what if the vm draw a fake start menu?
take this for example:
https://textslashplain.com/2017/01/14/the-line-of-death/
go down you will see a fake paypal window inside the real browser.
but that is not a paypal browser window on chrome, is a photo in the
website!
that is the problem that qubes aim to solve by preventing fullscreen.
attacking qubes is not easy as the attacker to simulate your desktop
must know what background and installed apps you have, what are your
template and vm names.

note that (unlike normal pc windows/linux) in qubes if you have an
infected vm with keylogger you don't care very much if you insert
sensitive data in other vm it will not be keylogged.