Hello everyone,
like the subject already says, I'd like to request for a feature which
shows the exact clipboard size when hitting the magic hotkey Ctrl-Shift-C.
Due to lack of hardware, I didn't test if this is already the case, but
I couldn't find any suggesting.
AFAIK, after hitting the mentioned hotkey there appears a dom0 message
box confirming that hit. This seems to be the ideal place where to
inform the user about the current clipboard size.
The aim is to enable the user to estimate if the clipboard seems to be
reasonable without parsing it. As Joanna mentioned here [1], parsing is
potentially dangerous. So, this feature here could be a practicable
middle course.
I know that this should not let the user feel safe. Even with this
feature, it's still potentially dangerous to copy from a less trusted VM
to a more trusted one. However, this feature could prevent some
malicious attacks in an easy way, independent from the trust to a VM.
Let's say, a malware tries to put harmful code into the clipboard a
hundred times per second, thus, it'll override the users clipboard
content before pasting it and also before hitting Ctrl-Shift-C. Okay, I
have to admit that an even smarter malware might keep the size of the
big enough clipboard when putting its payload to it.
Of course, the user should be "trained" in guessing the necessary
clipboard size before using that feature. A new "Estimating Clipboard
Size" documentation section or page, showing examples for ASCII plain
text, UTF-8 plain text, HTML text, images etc., could help.
Besides that, it could be useful to show the size again after hitting
the magic hotkey Ctrl-Shift-V.
What do you think about it?
Kind regards,
Tobias
[1]
https://groups.google.com/d/msg/qubes-devel/JJN9GZMmp5s/AW7gzjK1tEgJ