
post feature request for more secure clipboard sharing against VirtualBox and KVM
Open, NormalPublic

Description

In VirtualBox / KVM:

* `ctrl + c` in a VM leads to copying the contents into the VM's clipboard as well as into the host clipboard as well as into the clipboard of any other VM
* `ctrl + c` on the host leads to copying the contents into the host's clipboard as well as into the clipboard of any VM
* this is non-ideal for security since in many cases VMs are used to compartmentalize things.

In Qubes:

* `ctrl + c` / `ctrl + v` takes effect only inside the VM. 
* Each VM has its own independent clipboard.
* The Qubes host (dom0) has its own independent clipboard.
* Qubes introduced the concept of a global clipboard.
* To global copy the user has to run `ctrl + shift + c`. This copies contents into the global clipboard.
* A subsequent `ctrl + shift + v` pastes it into one other VM.
* ("global clipboard" is a non-ideal name. The "global" clipboard cannot be read by other VMs in which `ctrl + shift + v` was not used.)
* After `ctrl + shift + v` the global clipboard gets cleared to prevent accidental leakage into another VM.
* These are my words. This is how Qubes describes the feature: [1]

[1] https://www.qubes-os.org/doc/copy-paste/

TODO:
rehash and post feature requests against VirtualBox and KVM
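
The two clipboard models described above, as a small Python model. This is an added example, not part of the original task and not Qubes, VirtualBox or KVM code; the class names, domain names and sample data are constructed for illustration.

```python
class SharedClipboard:
    """Bidirectional sharing as the task describes it for VirtualBox / KVM."""

    def __init__(self, domains):
        self.clip = {d: None for d in domains}

    def copy(self, src, data):
        # ctrl+c anywhere lands in the host clipboard and in every VM's clipboard.
        for d in self.clip:
            self.clip[d] = data


class QubesStyleClipboard:
    """Per-domain clipboards plus one 'global' buffer that no VM reads directly."""

    def __init__(self, domains):
        self.clip = {d: None for d in domains}
        self.global_buf = None

    def copy(self, src, data):
        self.clip[src] = data                  # ctrl+c stays inside src

    def global_copy(self, src):
        self.global_buf = self.clip[src]       # ctrl+shift+c with src focused

    def global_paste(self, dst):
        if self.global_buf is None:            # nothing pending: no transfer
            return False
        self.clip[dst] = self.global_buf       # ctrl+shift+v with dst focused
        self.global_buf = None                 # cleared after the paste
        return True


def exposed(model, data):
    """Domains whose own clipboard holds `data`, i.e. whose software can read it."""
    return sorted(d for d, v in model.clip.items() if v == data)


DOMAINS = ["host", "vm-a", "vm-b", "vm-c"]     # constructed names
SECRET = "constructed-secret"                  # constructed sample data

def run_demo():
    shared, qubes = SharedClipboard(DOMAINS), QubesStyleClipboard(DOMAINS)
    shared.copy("vm-a", SECRET)
    qubes.copy("vm-a", SECRET)
    result = {"shared": exposed(shared, SECRET), "local_copy": exposed(qubes, SECRET)}
    qubes.global_copy("vm-a")
    result["first_paste"] = qubes.global_paste("vm-b")
    result["second_paste"] = qubes.global_paste("vm-c")   # buffer already cleared
    result["after_paste"] = exposed(qubes, SECRET)
    return result
```

In the shared model a single copy in `vm-a` exposes the data to every domain; in the Qubes-style model it reaches only the one VM the user explicitly pasted into, and a second paste finds the buffer empty.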


KVM

Details

Impact
Normal

Event Timeline

rehash and post feature requests against VirtualBox and KVM

I don't remember. What were the feature requests that we wanted from VB/KVM?

defer

Two small changes. Tell me if you want it for 14.
For reference:

https://github.com/Whonix/Whonix/blob/master/build-steps.d/2600_create-vbox-vm#L103
`sudo $SUDO_OPTS VBoxManage modifyvm "$VMNAME" --clipboard bidirectional`
https://github.com/Whonix/Whonix/blob/master/build-steps.d/2600_create-vbox-vm#L106
`sudo $SUDO_OPTS VBoxManage modifyvm "$VMNAME" --draganddrop hosttoguest`

rehash and post feature requests against VirtualBox and KVM

I don't remember. What were the feature requests that we wanted from VB/KVM?

Same way Qubes is doing it. In VirtualBox case that would be:

host key + ctrl + c
host key + ctrl + v
host key + ctrl + x

host key is the terminology that VirtualBox developers are already using.

That. And then read https://www.qubes-os.org/doc/copy-paste/ and rehash to make the case for VirtualBox.

Defer making the KVM feature request to HulaHoop.

defer

Two small changes. Tell me if you want it for 14.
For reference:

https://github.com/Whonix/Whonix/blob/master/build-steps.d/2600_create-vbox-vm#L103
`sudo $SUDO_OPTS VBoxManage modifyvm "$VMNAME" --clipboard bidirectional`
https://github.com/Whonix/Whonix/blob/master/build-steps.d/2600_create-vbox-vm#L106
`sudo $SUDO_OPTS VBoxManage modifyvm "$VMNAME" --draganddrop hosttoguest`

Since it's that easy, can be done for Whonix 14.

Patrick renamed this task from Better Clipboard and DragnDrop for Whonix to post feature request for more secure clipboard sharing against VirtualBox and KVM. Apr 24 2019, 10:17 AM
Patrick updated the task description.

Update:

Issue was discussed by Libvirt devs on RedHat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1320263#c4
I even linked to a secure clipboard proposal that would have given a secure clipboard functionality by copying Qubes-style interaction. It went nowhere and was closed as WONTFIX.

https://bugzilla.redhat.com/show_bug.cgi?id=1320263#c5


Feel free to pursue this for VBox, as for KVM the issue is moot and you can close the ticket.


No suggestion for a secure implementation was posted there. Therefore not too surprising it went nowhere. I wouldn't take that one as reason to give up already.

https://lists.freedesktop.org/archives/spice-devel/2015-April/019617.html

That one sounds friendly, interested. Perhaps it just was forgotten?

Could you please rehash and post a feature request at https://gitlab.freedesktop.org/groups/spice/-/issues?

HulaHoop (HulaHoop):

HulaHoop added a comment.

https://gitlab.freedesktop.org/spice/spice-protocol/issues/8

Awesome!

Update:

Accepted as optional feature/usecase. Moved implementation design from protocol level to spice-gtk.

https://gitlab.freedesktop.org/spice/spice-gtk/issues/97