feature idea: creat trusted office document
50 views
Skip to first unread message
cubit
Mar 14, 2017, 5:39:36 PM3/14/17
to Qubes Users
What would be possibility of getting a file manager context menu item to create trusted office document like we have for PDF and img currently.
I think make the document its self safe is hard while keeping the file type but maybe "convert to trusted pdf" would be usable solution?
I think make the document its self safe is hard while keeping the file type but maybe "convert to trusted pdf" would be usable solution?
Chris Laprise
Mar 14, 2017, 7:34:26 PM3/14/17
to cubit, Qubes Users
user... open doc in untrusted/disp VM and "Save As PDF", then run the
usual Trusted PDF function (from a trusted VM; it doesn't help to run it
from untrusted).
I prefer the idea of a trusted doc format, if such a thing is possible.
But I think that's outside of Qubes' scope at least for now.
--
Chris Laprise, tas...@openmailbox.org
https://twitter.com/ttaskett
cubit
Mar 14, 2017, 7:44:25 PM3/14/17
to Chris Laprise, Qubes Users
14. Mar 2017 23:34 by tas...@openmailbox.org:
The latter sounds plausible. But its just removing one step for the user... open doc in untrusted/disp VM and "Save As PDF", then run the usual Trusted PDF function (from a trusted VM; it doesn't help to run it from untrusted).
Unless I am over complicating my work flow, I have many steps to get a risky doc to a pdf I can give for some person
- open document it disp vm
- save as pdf
- open dom0 terminal
- get dom0 to open a disp terminal in the same dispVM as the disposable doc
- move converted PDF to a trusted domain
- view PDF
so be 3 extra step it would cut down.
Jean-Philippe Ouellet
Mar 15, 2017, 6:46:42 AM3/15/17
to cubit, Chris Laprise, Qubes Users
On Tue, Mar 14, 2017 at 7:44 PM, cubit <cu...@tutanota.com> wrote:
> - open dom0 terminal
> - get dom0 to open a disp terminal in the same dispVM as the disposable doc
Ouch. I'd forgotten how annoying that could be. I have a script [1]
> - open dom0 terminal
> - get dom0 to open a disp terminal in the same dispVM as the disposable doc
bound to a keyboard shortcut to open a terminal in the same VM as the
front-most window. Perhaps you might find it useful?
[1]: https://gist.github.com/jpouellet/0f74459699433cabc26c389caf36b455
Andrew David Wong
Mar 15, 2017, 6:57:34 PM3/15/17
to Jean-Philippe Ouellet, cubit, Chris Laprise, Qubes Users
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Thanks, JP. It would be great to have this functionality integrated
into Qubes by default. Tracking:
https://github.com/QubesOS/qubes-issues/issues/2706
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYycbIAAoJENtN07w5UDAwavYP/Ry8asVBXRSxv5/p9ffVAmPi
XKn7X3WKykO8NriXJzA4Y6+5Im3GPOVI9k2V43Rv+IGa9VN3ZW0ppLcti8qinaEw
0XlHisnUIUor603m/pUFQElKnMxstbnefF3mDIU8ePT9WNChA+qbx4e6Bq19prcI
y3bqyDeFhkbhz+49dDHOs/41NYDnfaTDrawma+oUJlQgH/AclGn0CbjLN/FgzgxW
Z9R61FETX626YR4Ya0Rd5fbVduSd4Hwhewpuv2EMUpEmueVIqDSGTZZ29y83NBKE
rs8c6fmBdybxZSPsQihs2np8Semb7HmFD2tdBqdVediYA8eGEKyqLM/Z4W7NSKtU
fpe5wiZLrTa8sEPc8mAitRWA+zJjzhYiEazOZWMwrMxFp+9JdZT38PDYdggGBLaL
1/6Fkqt423qeZBCtD/DcbXsUoFdugy1uN0Ha8s1bnlTA0mLjpZZ+xuov4Tenl8ej
XozebjRsDbT5wjKw+6T2lenWO5y3HFc/+TkQM1+0ZrB8Ic6M0pERjLukQxOamgSG
zE5eq1HWIq6lGwBNjKIIT9gs7S7bZpaGlNCmtpsDJGJi8IeiHdpjVysStsX+gAmG
hueL1RnWRVr4U9QJtaRNjPlQ3Q98m5aL/FH2PdFgBzV5j9uPnw+Ur9u4iCRiEqDI
acEm81ltvd7C2NBOOjgY
=zXco
-----END PGP SIGNATURE-----
Hash: SHA512
into Qubes by default. Tracking:
https://github.com/QubesOS/qubes-issues/issues/2706
- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJYycbIAAoJENtN07w5UDAwavYP/Ry8asVBXRSxv5/p9ffVAmPi
XKn7X3WKykO8NriXJzA4Y6+5Im3GPOVI9k2V43Rv+IGa9VN3ZW0ppLcti8qinaEw
0XlHisnUIUor603m/pUFQElKnMxstbnefF3mDIU8ePT9WNChA+qbx4e6Bq19prcI
y3bqyDeFhkbhz+49dDHOs/41NYDnfaTDrawma+oUJlQgH/AclGn0CbjLN/FgzgxW
Z9R61FETX626YR4Ya0Rd5fbVduSd4Hwhewpuv2EMUpEmueVIqDSGTZZ29y83NBKE
rs8c6fmBdybxZSPsQihs2np8Semb7HmFD2tdBqdVediYA8eGEKyqLM/Z4W7NSKtU
fpe5wiZLrTa8sEPc8mAitRWA+zJjzhYiEazOZWMwrMxFp+9JdZT38PDYdggGBLaL
1/6Fkqt423qeZBCtD/DcbXsUoFdugy1uN0Ha8s1bnlTA0mLjpZZ+xuov4Tenl8ej
XozebjRsDbT5wjKw+6T2lenWO5y3HFc/+TkQM1+0ZrB8Ic6M0pERjLukQxOamgSG
zE5eq1HWIq6lGwBNjKIIT9gs7S7bZpaGlNCmtpsDJGJi8IeiHdpjVysStsX+gAmG
hueL1RnWRVr4U9QJtaRNjPlQ3Q98m5aL/FH2PdFgBzV5j9uPnw+Ur9u4iCRiEqDI
acEm81ltvd7C2NBOOjgY
=zXco
-----END PGP SIGNATURE-----
Unman
Mar 15, 2017, 8:53:05 PM3/15/17
to cubit, Qubes Users
On Tue, Mar 14, 2017 at 10:39:34PM +0100, cubit wrote:
> What would be possibility of getting a file manager context menu item to create trusted office document like we have for PDF and img currently.
>
> I think make the document its self safe is hard while keeping the file type but maybe "convert to trusted pdf" would be usable solution?
>
I tend to use tools like catdoc and docx2txt to extract text.
> What would be possibility of getting a file manager context menu item to create trusted office document like we have for PDF and img currently.
>
> I think make the document its self safe is hard while keeping the file type but maybe "convert to trusted pdf" would be usable solution?
>
You could, I suppose convert to RTF format, although I dont know if that
is substantially more trusted.
If you want to try converting to trusted pdf, you could insert this in to
/usr/lib/qpdf-convert-server: you'll need to have libreofice installed
in the relevant template.
Below the lines:
# Get the original (untrusted) PDF file...
cat > $INPUT_FILE
INSERT:
if [[ $(mimetype $INPUT_FILE) == *msword ]]; then
loffice --headless --convert-to pdf --outdir /tmp $INPUT_FILE &>/dev/null
cd /tmp
INPUT_FILE="/tmp/$(basename $INPUT_FILE )".pdf
fi
Make this change in the template you use for disposableVMs.
use qvm-create-default-dvm to rebuild your DVMTemplate
Now you should be able to convert msword files to PDF just as you convert
PDFs.
All it's doing is converting doc to PDF via libreoffice and then
processing that PDF as normal - all in the disposableVM
Using the mimetype isn't good, and you'll need to extend that to other
forms for more recent formats, but it's a quick hack that works.(I
think)
It occurs to me that you could use the same trick for all sorts of
"trusted pdf" conversions.
unman
Reply all
Reply to author
Forward
0 new messages