Help sending multiple files using qrexec
17 views
Skip to first unread message
pr...@tutanota.de
Dec 3, 2019, 8:40:29 PM12/3/19
to qubes...@googlegroups.com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
I am trying to send mutliple files using qrexec by catting the files using the
following scripts:
Script one on the client:
echo "$#"
while [ $1 ]; do
echo $(wc -l $1)
cat $1
shift
done
Script two on the server:
read NUMFILES
READFILES=0
while [ $READFILES -lt $NUMFILES ]; do
read CATFILESIZE CATFILENAME
head -n $CATFILESIZE > "$CATFILENAME"
((READFILES++))
done
This successfully sends the first file, but not the second, can anyone help
with this or should I be using qvm-copy?
Thanks for reading
-----BEGIN PGP SIGNATURE-----
iIgEARMKADAWIQRFNnsoPo7HH0XEMXc88cBGMbAIWAUCXecNwhIccHJhZ29AdHV0
YW5vdGEuZGUACgkQPPHARjGwCFiw0gD/TPKyOcTLN94aJYJd8oaf+4ciHy1jKZ9W
XBlIif0fJHMA/jy3LS32Ed21PcbACGz0RZIIGYGFoSptsyLQM5SH9fNd
=F4IQ
-----END PGP SIGNATURE-----
Hash: SHA512
Hi,
I am trying to send mutliple files using qrexec by catting the files using the
following scripts:
Script one on the client:
echo "$#"
while [ $1 ]; do
echo $(wc -l $1)
cat $1
shift
done
Script two on the server:
read NUMFILES
READFILES=0
while [ $READFILES -lt $NUMFILES ]; do
read CATFILESIZE CATFILENAME
head -n $CATFILESIZE > "$CATFILENAME"
((READFILES++))
done
This successfully sends the first file, but not the second, can anyone help
with this or should I be using qvm-copy?
Thanks for reading
-----BEGIN PGP SIGNATURE-----
iIgEARMKADAWIQRFNnsoPo7HH0XEMXc88cBGMbAIWAUCXecNwhIccHJhZ29AdHV0
YW5vdGEuZGUACgkQPPHARjGwCFiw0gD/TPKyOcTLN94aJYJd8oaf+4ciHy1jKZ9W
XBlIif0fJHMA/jy3LS32Ed21PcbACGz0RZIIGYGFoSptsyLQM5SH9fNd
=F4IQ
-----END PGP SIGNATURE-----
pixel fairy
Dec 4, 2019, 3:07:48 AM12/4/19
to qubes-users
qvm-copy.
if this done often between trusted qubes, you can pre approve the file copy in /etc/qubes-rpc/policy/qubes.Filecopy with a line like
srcvm destvm allow
haaber
Dec 4, 2019, 3:08:34 AM12/4/19
to qubes...@googlegroups.com
> This successfully sends the first file, but not the second, can anyone help
> with this or should I be using qvm-copy?
I don't say what you should, or should not, but what I think is more
> with this or should I be using qvm-copy?
easy: recall that qvm-copy or qvm-move take certainly multiple files.
The question is more intriguing if the list of files is produced by a
find command, or a for loop in bash.
Then you don't want to click each time on the "target qube" window that
dom0 will present. In such a case, to avoid loosing time, I would simply
write the list of all files in a small file (no newlines, just blanks)
and then use qvm-copy command on that list once. Or you through
everything in a non-comressed tar file and push that one over. Not
elegant, but fast & easy.
M
Dec 4, 2019, 5:07:11 AM12/4/19
to qubes-users
Can a hacker use the same script to transfer files from a victims pc remotely ?
And if so, how easy is it ?
pr...@tutanota.de
Dec 4, 2019, 9:28:53 PM12/4/19
to M, qubes-users
Hash: SHA512
I should have mentioned that this was part of a bigger script, using qvm-copy
would have required me to also pass along the qube name, so I could then cd to
the correct QubesIncoming directory. Keeping it simple I went with tar:
would have required me to also pass along the qube name, so I could then cd to
the correct QubesIncoming directory. Keeping it simple I went with tar:
Script one on the client:
tar -c $@ | cat
Script two on the server:
cat | tar -x
Thanks for the help!
Thanks for the help!
> Can a hacker use the same script to transfer files from a victims pc remotely ?
> And if so, how easy is it ?
This can't be used remotely, the server I mention above is another virtual
machine in the same Qubes system. This is just sending files between two qubes
-----BEGIN PGP SIGNATURE-----
iIgEARMKADAWIQRFNnsoPo7HH0XEMXc88cBGMbAIWAUCXehqqxIccHJhZ29AdHV0
YW5vdGEuZGUACgkQPPHARjGwCFi0VwD/WbakvtO9963x9VgVn6Is1Rs2TdNml0Mk
dNVQ/FJccIsA/isQ3sCnd0cD7TKgYVKFSkcw4gdqOkEVP4k6PiUuaoA1
=L1d7
-----END PGP SIGNATURE-----
machine in the same Qubes system. This is just sending files between two qubes
-----BEGIN PGP SIGNATURE-----
iIgEARMKADAWIQRFNnsoPo7HH0XEMXc88cBGMbAIWAUCXehqqxIccHJhZ29AdHV0
YW5vdGEuZGUACgkQPPHARjGwCFi0VwD/WbakvtO9963x9VgVn6Is1Rs2TdNml0Mk
dNVQ/FJccIsA/isQ3sCnd0cD7TKgYVKFSkcw4gdqOkEVP4k6PiUuaoA1
=L1d7
-----END PGP SIGNATURE-----
David Hobach
Dec 12, 2019, 7:11:24 AM12/12/19
to pr...@tutanota.de, qubes...@googlegroups.com
On 12/5/19 3:28 AM, pr...@tutanota.de wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> I should have mentioned that this was part of a bigger script, using qvm-copy
> would have required me to also pass along the qube name, so I could then cd to
> the correct QubesIncoming directory. Keeping it simple I went with tar:
>
> Script one on the client:
>
> tar -c $@ | cat
>
> Script two on the server:
>
> cat | tar -x
>
> Thanks for the help!
It might also work without cat, tar just doesn't like to print to shells.
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> I should have mentioned that this was part of a bigger script, using qvm-copy
> would have required me to also pass along the qube name, so I could then cd to
> the correct QubesIncoming directory. Keeping it simple I went with tar:
>
> Script one on the client:
>
> tar -c $@ | cat
>
> Script two on the server:
>
> cat | tar -x
>
> Thanks for the help!
And you'll probably want to quote your $@ --> "$@" for files with spaces
and other special characters if you're running inside bash.
>> Can a hacker use the same script to transfer files from a victims pc remotely ?
>> And if so, how easy is it ?
> This can't be used remotely, the server I mention above is another virtual
> machine in the same Qubes system. This is just sending files between two qubes
server VM above to execute code, yes. Also see [1].
For example the first script of this topic should be fairly easy to exploit.
In total I'd recommend to stick with the means provided unless
absolutely necessary.
[1] https://www.qubes-os.org/doc/qrexec/
Reply all
Reply to author
Forward
0 new messages