Add keypress initiated wipe of VM clipboard #29
Conversation
johanna-a
force-pushed
the
feature_blank_master
branch
from
3d494aa
to
d52906a
Compare
|
I've uploaded my key to the sks public keyservers but it seems it has not been added yet. Just FYI. |
|
Have you tried sending empty clipboard message, with untrusted_len=0? By code inspection of gui-agent-linux, it should work. There is also related discussion here: QubesOS/qubes-issues#3415 |
When using a password manager in an isolated VM and copying passwords from there, it is convenient to have a quick method to wipe the clipboard of the active VM after the password has been used. This adds the keyboard shortcut Ctrl+Shift+B (for blank) as default to paste a single space into the VM clipboard. Note that this is a proof-of-concept at this stage, not including support for stubdom VMs nor having been thoroughly tested.
johanna-a
force-pushed
the
feature_blank_master
branch
from
d52906a
to
b32e527
Compare
You are right, untrusted_len=0 does work. I don't know where but I thought I followed that execution path and found a malloc(len) somewhere but that might be when I was still chasing the stubdom code. I updated with an empty clipboard message now, the code can really use a cleanup though. I'm still considering this unfinished before it has stubdom support and perhaps also support for some notification that the clipboard is blanked (that seems non-trivial though)
I don't think these ideas are mutually exclusive. I like the control of initiating clearing the clipboard with the press of a button, but someone else may prefer a timeout, or both. My idea for adding a timeout is that clearing the clipboard will be dom0 initiated depending on a flag on the VM that the clipboard data come from. That would enable passwords copied from a vault to be cleared while url:s copied form other VMs would not. This isn't perfect with regards to the not clearing if the clipboard data has already been modified, but it might be good enough. The solution to that is probably introducing a new command (or the special case of clipboard data of length 0) that clears the clipboard if it hasn't been changed since the last qubes clipboard operation. As for initiating the clear from the password vault VM, I think that would just be too messy. |
When using a password manager in an isolated VM and copying passwords from
there, it is convenient to have a quick method to wipe the clipboard of the
active VM after the password has been used. This adds the keyboard shortcut
Ctrl+Shift+B (for blank) as default to paste a single space into the VM
clipboard.
Note that this is a proof-of-concept/request-for-comments at this stage, not including support for
stubdom VMs nor having been thoroughly tested. Also, actually blanking the clipboard instead of replacing it with a single space would be nicer. But I wanted to see if there's any interest in this feature before going forward with development :)
Also note that this has been tested against r4.0 with the fc25 dom0, but not (yet) on fc29 dom0.