/qubes-issues

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

"[Dom0] Choose Preferred Application" improvement #3996

Open
RefinedSoftwareLLC opened this Issue Jun 14, 2018 · 0 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
  Release 4.1
2 participants
@RefinedSoftwareLLC @andrewdavidwong
@RefinedSoftwareLLC

RefinedSoftwareLLC commented Jun 14, 2018
edited
Edited 4 times
  • @RefinedSoftwareLLC RefinedSoftwareLLC edited Jun 15, 2018 (most recent)
  • @RefinedSoftwareLLC RefinedSoftwareLLC edited Jun 15, 2018
  • @RefinedSoftwareLLC RefinedSoftwareLLC edited Jun 14, 2018
  • @RefinedSoftwareLLC RefinedSoftwareLLC edited Jun 14, 2018
  • @RefinedSoftwareLLC RefinedSoftwareLLC created Jun 14, 2018

If this change is not desired, please refer to "General notes".

Qubes OS version:

R4.0

Affected component(s):

dom0

Steps to reproduce the behavior:

Right click the taskbar audio widget.
Select "About".
Left click "Website".
"[Dom0] Choose Preferred Application" displays.
Dropdown "No application selected" only has "Other..." option which drops you into a select file popup.
Unable to even see the link it is trying to open in a browser.

Expected behavior:

  • In "[Dom0] Choose Preferred Application" popup, it needs to have the same list as the file manager's "Open with another Application..." list which include Applications from other VMs, especially DispVMs.
  • For security, future openings of that file extension should ALWAYS ask for permission (like websites do, when a link will take you somewhere outside their website). This includes file extension defaults set by "Open with another Application...".
Copying this file/link to this Qube then this application opening it,
can leak information like passwords or ways to identify you.
This is not recommended, are you sure you want to continue?
<filename/sterilized-url>
<vm-name>
<application-name>
[Cancel]    [Open with another Application...]    [Continue]
  • For security, the file needs to be read only and never bring back any changes into dom0.
  • Should this copy the file with qvm-copy-to-vm <dest-vm> <file> then open it up in the other VM?
  • Sterilize urls, removing any non-web characters, invisible Unicode characters, only allowing select prefixes like http/https, and disallowing any port numbers.

Actual behavior:

In "[Dom0] Choose Preferred Application" popup,
Dropdown "No application selected" only has "Other..." option which drops you into a select file popup.
Unable to even see the link it is trying to open in a browser.

General notes:

If this change is not desired because opening dom0 files in another VM is a security risk, then shouldn't "Open with another Application..." not even display Applications from another VM?
Currently, when I select an Application from another VM, it doesn't open the file. Shouldn't dom0 at least display a notification, instead of silently failing? In this case, clicking a website link in the about page of a widget should default to opening a text editor with the website link in a new file.

Related issues:

@andrewdavidwong andrewdavidwong added enhancement C: desktop-linux UX security labels Jun 14, 2018

@andrewdavidwong andrewdavidwong added this to the Release 4.1 milestone Jun 14, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment