[Spice-devel] [virt-tools] Feature Request - Secure clipboard

[Frediano Ziglio]

> 
> A secure clipboard is nice to have becuase there's no tradeoff between
> convenience and safety. A vm can read the global clipboard only when you
> want it. The Xen based Qubes has it and I don't see why KVM's spice and
> libvirt can't. Here is how they did it:
> 
> 
> slide 10 from
> 
> https://events.linuxfoundation.org/sites/events/files/slides/LinuxCon_2014_Qubes_Tutorial.pdf
> 
> Challenge: copy clipboard from VM “Alice” to VM “Bob”, don’t let VM
> “Mallory” to learn
> its content in the meantime
> 
> Solved by introducing Qubes “global clipboard” to/from which copy/paste is
> explicitly
> controlled by the user (Ctrl-Shift-C, Ctrl-Shift-V)
> 
> Requires 4 stages:
> Ctrl-C (in the source VM)
> Ctrl-Shift-C (tells Qubes: copy this VM buffer into global clipboard)
> Ctrl-Shift-V (in the destination VM: tells Qubes: make global clipboard
> available to this VM)
> Ctrl-V (in the destination VM)
> Ctrl-Shift-C/V cannot be injected by VMs (unspoofable key combo).
> 
> In practice almost as fast as traditional 2-stage copy-paste (don’t freak
> out! ;)
> 
> 
> More technical explanation
> 
> https://www.qubes-os.org/doc/CopyPaste/
> 

Would not easier for user and for us to implement just Ctrl-Shift-C/V ?
The idea is:
- spice client see the Ctrl-Shift-C
- spice send a command to agent
- agent inject a Ctrl-C to copy to guest clipboard
- agent detect new clipboard and copy to global one (as it knows was a Ctrl-Shift-C)
Or could be implemented by spice client instead of the agent (just having a vm clipboard copied from the agent and a global one)

Frediano