I wonder how you manage your computing life with the problem of clipboard / file sharing.
The documentation states:
“However, one should keep in mind that performing a copy and paste operation from less trusted to more trusted qube is always potentially insecure, since the data that we copy could exploit some hypothetical bug in the target qube. For example, the seemingly-innocent link that we copy from an untrusted qube could turn out to be a large buffer of junk that, when pasted into the target qube’s word processor, could exploit a hypothetical bug in the undo buffer. This is a general problem and applies to any data transfer from less trusted to more trusted qubes. It even applies to copying files between physically separate (air-gapped) machines. Therefore, you should always copy clipboard data only from more trusted to less trusted qubes.”
Also, I remember a paper by Joanna Rutkowska assuming the same principles.
I guess most of us cheat on these rules sometimes:
if one deploys post-installation scripts in dom0,
or takes notes in a vault and wants to copy in that URL,
or maybe wants to take that snippet into that template ...
I am curious to know how you think about it.
I would like to leave as little of my data as possible in the VMs which are exposed to the network. This, together with the fact that the resources of my computer are limited, unfortunately may lead to open breaches in the compartmentalization:
Now I have a vault where I take notes and need to paste things into it. I can't afford to use a vault for each new context, and it will not solve the issue of the clipboard.
Maybe I should just stick to the idea of one context equals one VM, and refine what I think is pertinent to put under the word ‘context’.
Otherwise, is there really nothing one can do to enforce the integrity of a piece of text?
Like using OCR from dom0 to retranscribe a screenshot of a less trusted VM (is that dumb, or also somehow flawed, or just so loud nobody wants it)?
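For the URL case from the documentation quote above, a strict allow-list check on the raw clipboard bytes looks like this (an added example, not part of the original post and not Qubes code). The names `check_pasted_url`, `is_acceptable` and the 2048-byte cap are assumptions, and the checker itself still parses untrusted bytes in the receiving qube, so it narrows the risk rather than removing it.

```python
from urllib.parse import urlsplit

MAX_LEN = 2048  # assumed cap: a link has no reason to be larger than this


class RejectedPaste(ValueError):
    """Raised when clipboard bytes do not look like a short, plain URL."""


def check_pasted_url(raw: bytes) -> str:
    """Return the URL as text if it passes every check, else raise RejectedPaste."""
    # 1. Size check first, before any decoding or parsing touches the data.
    #    This is the "large buffer of junk" case from the documentation.
    if len(raw) > MAX_LEN:
        raise RejectedPaste(f"too long: {len(raw)} bytes")
    # 2. ASCII only: no multi-byte decoding, no look-alike or bidi characters.
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise RejectedPaste("non-ASCII bytes") from None
    # 3. No control characters or whitespace (escape sequences, newlines, NUL).
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in text):
        raise RejectedPaste("control or whitespace character")
    # 4. Structural check: only http(s) with a host part is accepted.
    try:
        parts = urlsplit(text)
        host = parts.hostname
    except ValueError:
        raise RejectedPaste("malformed URL") from None
    if parts.scheme not in ("http", "https") or not host:
        raise RejectedPaste("not an http(s) URL with a host")
    return text


def is_acceptable(raw: bytes) -> bool:
    """Boolean wrapper around check_pasted_url for callers that only gate."""
    try:
        check_pasted_url(raw)
        return True
    except RejectedPaste:
        return False


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real clipboard.
    samples = [
        b"https://example.org/doc/how-to",
        b"https://example.org/" + b"A" * 100_000,
        b"https://example.org/\x1b[2J",
    ]
    for s in samples:
        print(len(s), "accept" if is_acceptable(s) else "reject")
```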