
post feature request for more secure clipboard sharing against VirtualBox and KVM
Open, Normal, Public

Description

In VirtualBox / KVM:

* `ctrl + c` in a VM leads to copying the contents into the VM's clipboard as well as into the host clipboard as well as into the clipboard of any other VM
* `ctrl + c` on the host leads to copying the contents into the host's clipboard as well as into the clipboard of any VM
* this is non-ideal for security since in many cases VMs are used to compartmentalize things.

In Qubes:

* `ctrl + c` / `ctrl + v` takes effect only inside the VM. 
* Each VM has its own independent clipboard.
* The Qubes host (dom0) has its own independent clipboard.
* Qubes introduced the concept of a global clipboard.
* To global copy the user has to run `ctrl + shift + c`. This copies contents into the global clipboard.
* A subsequent `ctrl + shift + v` pastes it into one other VM.
* ("global clipboard" is a non-ideal name. The "global" clipboard cannot be read by other VMs in which `ctrl + shift + v` was not used.)
* After `ctrl + shift + v` the global clipboard gets cleared to prevent accidental leakage into another VM.
* These are my words. This is how Qubes describes the feature: [1]

[1] https://www.qubes-os.org/doc/copy-paste/

TODO:
rehash and post feature requests against VirtualBox and KVM
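
The two clipboard designs compared in the description, as a toy model. This is an added example, not code from Qubes, VirtualBox, KVM or Whonix; the class and method names and the VM names are hypothetical, and the model follows only the behaviour listed above.

```python
# Added illustration: toy model of the two clipboard designs described above.
# All names are hypothetical; this is not Qubes or VirtualBox code.

class SharedClipboardHost:
    """VirtualBox/KVM-style sharing: one copy reaches every clipboard."""
    def __init__(self, vms):
        self.clip = {name: None for name in ["host", *vms]}

    def copy(self, source, data):       # ctrl + c on the host or in any VM
        for name in self.clip:
            self.clip[name] = data

    def paste(self, vm):                # ctrl + v
        return self.clip[vm]


class QubesStyleHost:
    """Independent per-VM clipboards plus an explicit global clipboard."""
    def __init__(self, vms):
        self.clip = {name: None for name in ["dom0", *vms]}
        self.global_clip = None

    def copy(self, source, data):       # ctrl + c: stays inside `source`
        self.clip[source] = data

    def paste(self, vm):                # ctrl + v: local clipboard only
        return self.clip[vm]

    def global_copy(self, source):      # ctrl + shift + c in `source`
        self.global_clip = self.clip[source]

    def global_paste(self, target):     # ctrl + shift + v in `target`
        if self.global_clip is None:
            return False                # nothing pending, nothing delivered
        self.clip[target] = self.global_clip
        self.global_clip = None         # cleared so no further VM can receive it
        return True


def exposure(host, source, data):
    """Clipboards other than `source` that hold `data` after a plain copy."""
    host.copy(source, data)
    return sorted(n for n, v in host.clip.items() if n != source and v == data)
```
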


KVM

Details

Impact
Normal

Event Timeline

rehash and post feature requests against VirtualBox and KVM

I don't remember. What were the feature requests that we wanted from VB/KVM?

defer

Two small changes. Tell me if you want it for 14.
For reference:

https://github.com/Whonix/Whonix/blob/master/build-steps.d/2600_create-vbox-vm#L103
sudo $SUDO_OPTS VBoxManage modifyvm "$VMNAME" --clipboard bidirectional
https://github.com/Whonix/Whonix/blob/master/build-steps.d/2600_create-vbox-vm#L106
sudo $SUDO_OPTS VBoxManage modifyvm "$VMNAME" --draganddrop hosttoguest

rehash and post feature requests against VirtualBox and KVM

I don't remember. What were the feature requests that we wanted from VB/KVM?

Same way Qubes is doing it. In VirtualBox case that would be:

host key + ctrl + c
host key + ctrl + v
host key + ctrl + x

host key is the terminology that VirtualBox developers are already using.

That. And then read https://www.qubes-os.org/doc/copy-paste/ and rehash to make the case for VirtualBox.

Defer making the KVM feature request to HulaHoop.

defer

Two small changes. Tell me if you want it for 14.
For reference:

https://github.com/Whonix/Whonix/blob/master/build-steps.d/2600_create-vbox-vm#L103
sudo $SUDO_OPTS VBoxManage modifyvm "$VMNAME" --clipboard bidirectional
https://github.com/Whonix/Whonix/blob/master/build-steps.d/2600_create-vbox-vm#L106
sudo $SUDO_OPTS VBoxManage modifyvm "$VMNAME" --draganddrop hosttoguest

Since it's that easy, can be done for Whonix 14.

Patrick edited projects, added usability, VirtualBox; removed Whonix 15. Sat, Apr 6, 5:04 PM
Patrick added a subscriber: HulaHoop.
Patrick updated the task description. Wed, Apr 24, 10:04 AM
Patrick updated the task description. Wed, Apr 24, 10:07 AM
Patrick renamed this task from Better Clipboard and DragnDrop for Whonix to post feature request for more secure clipboard sharing against VirtualBox and KVM. Wed, Apr 24, 10:17 AM
Patrick updated the task description.

Update:

Issue was discussed by Libvirt devs on RedHat bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1320263#c4
I even linked to a secure clipboard proposal that would have given a secure clipboard functionality by copying Qubes style interaction. It went nowhere and was closed as WONTFIX.

https://bugzilla.redhat.com/show_bug.cgi?id=1320263#c5


Feel free to pursue this for VBox, as for KVM the issue is moot and you can close the ticket.

Patrick updated the task description. Thu, Apr 25, 11:08 AM
Patrick updated the task description.
Patrick updated the task description.