[virt-tools-list] [Spice-devel] [virt-tools] Feature Request - Secure clipboard
gramps at ruggedinbox.com
gramps at ruggedinbox.com
Sun Apr 26 15:52:55 UTC 2015
A secure clipboard is nice to have becuase there's no tradeoff between
convenience and safety. A vm can read the global clipboard only when you
want it. The Xen based Qubes has it and I don't see why KVM's spice and
libvirt can't. Here is how they did it:
slide 10 from
https://events.linuxfoundation.org/sites/events/files/slides/LinuxCon_2014_Qubes_Tutorial.pdf
Challenge: copy clipboard from VM “Alice” to VM “Bob”, don’t let VM
“Mallory” to learn
its content in the meantime
Solved by introducing Qubes “global clipboard” to/from which copy/paste is
explicitly
controlled by the user (Ctrl-Shift-C, Ctrl-Shift-V)
Requires 4 stages:
Ctrl-C (in the source VM)
Ctrl-Shift-C (tells Qubes: copy this VM buffer into global clipboard)
Ctrl-Shift-V (in the destination VM: tells Qubes: make global clipboard
available to this VM)
Ctrl-V (in the destination VM)
Ctrl-Shift-C/V cannot be injected by VMs (unspoofable key combo).
In practice almost as fast as traditional 2-stage copy-paste (don’t freak
out! ;)
More technical explanation
https://www.qubes-os.org/doc/CopyPaste/
More information about the virt-tools-list
mailing list