My goal is to to able to:
1) Take a screenshot using the dom0 hotkey
2) In the "Screenshot" dialogue, select a script from the "Open with:" option
3) A text entry box that prompts me for the destination VM
4) The screenshot is sent to the indicated VM
I think this can be accomplished with
.desktop application file
zenity
qvm-move-to-vm/qvm-copy-to-vm/qvm-open-in-vm
but I'm lost in the details.
Current problems
- I can't get dom0 to include my .desktop application files as "Open with:" options in the "Screenshot" dialogue
- I'm not sure what format the screenshot is in initially... will the .desktop application receive a bunch of bits? Or the path to a temporary file?
- I can figure out how to pipe the screenshot if it's a file, but I don't know how to handle a "bunch of bits" scenario
Has anyone done this already? I'm aware of qvm-screenshot-tool.sh, which looks great, but the code is too complicated for me to review and I just need basic functionality anyway. https://github.com/evadogstar/qvm-screenshot-tool/blob/master/qvm-screenshot-tool.sh
This could be useful feature. Happy to help for the dev part...
What do you think about the default behavior being to:
- screen-shot only a VM window? Is it available?
- screen-shot an area that you lasso?
I'm suggesting these because the Qubes default should always be the safest that can be implemented...
Could be a very useful feature! Current means of taking a screen shot are very very clumsy :)
Qubes already has built-in the capability to screenshot the entire desktop (Printscreen) or the current window (Ctrl+Printscreen).
Lasso would be nice I suppose, but might open up some way to exploit.
Just so I'm clearer - I'm just talking about a simple solution, not building any new application. We could use a .desktop file similar to this
[Desktop Entry]
Encoding=UTF-8
Name=BrowserVM
Exec=qvm-open-in-vm APPVMNAME %u
Terminal=false
X-MultipleArgs=false
Type=Application
Categories=Network;WebBrowser;
MimeType=x-scheme-handler/unknown
as documented in https://www.qubes-os.org/doc/tips-and-tricks/#opening-links-in-your-preferred-appvm
I've gotten this done so far
[Desktop Entry]
Encoding=UTF-8
Name=Open Screenshot in VM
Exec=zenity --entry --text="Enter destination domain name:" | qvm-open-in-vm %u
Terminal=false
X-MultipleArgs=false
Type=Application
Categories=Network;WebBrowser;
MimeType=x-scheme-handler/unknown
Default should prevent, but user should have choice.
>
> Imagine having your Vault VM window open with all your passwords and then
> you auto-upload a screenshot of that into a compromised VM which then causes
> the screenshot to be uploaded to a server.
>
> I'm not aware of any way to avoid this data-leakage using the screenshot
> application in dom0.
> --
> Tom Zander
> Blog: https://zander.github.io
> Vlog: https://vimeo.com/channels/tomscryptochannel
XFCE (default Qubes Windows manager) provides a screenshot application (Menu/System Tools/Screenshot activated with the PrintScreen Key as well)
This launch a windows with:
- Region to capture (radio selection)
- Entire screen (selected by default)
- Active window
- Select a region
- Delay before capturing
- X seconds (default is 1)
- Capture mouse pointer
- Y/N (default Y)
What I think needs to be done:
- Change the default for region to capture to "active window"
- Also
- hook into screenshot so that either
- when OK (or Enter key) is pressed
- the Save As dialog is replace by another one where you put the VM name (and it goes into QubesIncoming in that VM, for Dom0 into /home/user/screenshots)
- Dom0 Confirmation pop-up appear (same as usual copy/move file) with a preview (TBC)?
OR - the Save As dialog has a kind of "network drive list" which is the list of VMs that are running, and saving there save to QubesIncoming for that VM. You have to prevent the create directory and other stuff probably. Benefit is that it is probably re-usable for any Dom0 apps which use the Save As window.
OK for the impatient, this will send a screenshot of the current window to a VM (no selection of target VM for the moment):
1- Bind shortcut key:
Click on: Menu/System Tools/Keyboard
Click on: Application Shortcuts tab
Click on Add
Command: xfce4-screenshooter -w -o /usr/local/bin/screenshooter.sh
Bind to Ctrl + Shift + PrintScreen (or whatever you want)
2- Create script that will copy the file to the target VM
in Dom0 terminal
sudo vi /usr/local/screenshooter.sh
#!/bin/bash
cat $1 qvm-run --pass-io <VMName> "cat > /home/user/`echo $1 | awk -F'/' '{print $3}'`"
where <VMName> is the started VM that will receive the screenshot. You can obviously choose a path that user has write access to. You may want to clean the file that is save by default in /tmp by adding this line
rm /tmp/`echo $1 | awk -F'/' '{print $3}'`"
3- Make the script executable
sudo chmod a+x /usr/local/bin/screenshooter.sh
Ah great. I like this implementation. Reviewing the code it does not seem to introduce any risk and provide all the functionality required.
Could you explain briefly the steps to install (after the git pull).
May I also ask you for some help/pointer on a yubikey package I've done. I just need to do the packaging and it may save me some time if you were to give me few pointers...
Project is here... the doc state that it is packages, but it is not (yet)...
https://github.com/adubois/qubes-app-linux-yubikey
Please reply in that thread if you want:
https://groups.google.com/forum/#!topic/qubes-users/BkdTuXZZnwE