Pass I/O option from qvm-run - In Depth Knowlege?

[cr33d...@gmail.com]

Hello All,

Often used the -p or -pass-io option in the past and wanted to get some deeper knowlege how this actually works, if or what xen based techniques are behind it and so on.

Sadly the only thing i found was: "Pass stdin/stdout/stderr from remote program".
In some forums they talked about opening something like a io-tunnel to pass trough the Dom0. (When using qvm-run -p to transfer files between appvms)

If someone knows a bit more than this or can confirm and explain that tunnel thing to me, i would be very pleased.

Thanks,
Jonny

[David Hobach]

Good question, but I guess the code itself will provide the best answers.
You'll probably have to have a closer look at the qrexec framework. [1]

You shouldn't use -p without some caution in your scripts though as
passing stdin can lead to unexpected leaks from dom0 to an AppVM.
So if you don't need stdin passing, it would be good practice to use
qvm-run -p [..] < /dev/null
[2]

[1] https://www.qubes-os.org/doc/qrexec3/
[2] https://github.com/QubesOS/qubes-issues/issues/3074