Clipboard security and risks pasting commands from documentation to a dom0 bash prompt

27 views
Skip to first unread message

Peter Funk

unread,
Feb 3, 2020, 6:04:19 AM2/3/20
to qubes...@googlegroups.com
Hello,

Although I'm using Linux on my desktop computers since 1994 I'm a Newbie
to Qubes OS. Last weekend I enjoyed playing around with Qubes OS installed
on a fresh dedicated SSD and I must say you (the developers) did a great job.

Hopefully the following is no dumb question:

I would like to copy commands from certain pages of docs (for example
something like those here::

sudo dnf upgrade --enablerepo=qubes-vm-*-current-testing
sudo dnf upgrade --enablerepo=qubes-vm-*-security-testing
sudo dnf upgrade --enablerepo=qubes-vm-*-unstable

into a dom0 shell window. I've found and read the Paragraph in
doc/copy-from-dom0/ which has the section title "Copying to dom0".

I understand that copy/pasting malicious commands would be a risk.
But why is not possible to filter a selection so it only contains
plain ASCII characters? This would save users from having to retype
certain long commands from the documentation.

Best regards (Liebe Grüße), Peter Funk
--
Peter Funk ✉:Oldenburger Str.86, 27777 Ganderkesee, Germany;📱:+49-179-640-8878
signature.asc

unman

unread,
Feb 3, 2020, 6:35:44 AM2/3/20
to qubes...@googlegroups.com
> Best regards (Liebe Gr????e), Peter Funk
> --
> Peter Funk ???:Oldenburger Str.86, 27777 Ganderkesee, Germany;????:+49-179-640-8878

Welcome to Qubes.
The canonical way to do this would be to create a text file
(copy/paste) in a qube, and then copy *that file* in to dom0, and then
copy/paste the commands in dom0.
I'm not sure that copying a file is any better, to be honest.
In general, Qubes does not want to make it easy to copy in to dom0.

It would be possible to filter as you suggest, but where would this be
done?
If in the qube, then you are trusting a low security qube to sanitise
input for dom0 - a bad idea.
If in dom0, then you are copying the unsanitised material in to dom0,
and processing it there - a bad idea.

unman
Reply all
Reply to author
Forward
0 new messages