On 12/26/2015 09:35 AM, Marek Marczykowski-Górecki wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> Having control over cursor shape it may mislead the user actions. While
> it shouldn't be a problem inside the same VM, it may be complex to do it
> right - to not interfere with windows of other VMs.
> In short: without prior proper design, which would be simple and simple
> to implement, we don't want to have such feature, at least not by
It seems to me the cursor would just take on the assigned shape for
whichever window/VM is active. The only security problem I see is if
malware tries to mimic a different UI element (i.e. a menu with a white
or green border)...but without ability to control placement, using that
to exploit would be a lost cause.
Cursor shape is a functional part of the UI, to the point of being
critical for certain apps like spreadsheets and drawing. If Qubes deems
this a possible source of confusion then it should explain the threat
model for cursors (having already done so for windows).