[Spice-devel] [virt-tools] Feature Request - Secure clipboard

Frediano Ziglio fziglio at redhat.com
Mon Apr 27 07:40:03 PDT 2015


> 
> On 04/27/2015 11:38 AM, Frediano Ziglio wrote:
> >>
> >> A secure clipboard is nice to have because there's no tradeoff between
> >> convenience and safety. A vm can read the global clipboard only when you
> >> want it. The Xen based Qubes has it and I don't see why KVM's spice and
> >> libvirt can't. Here is how they did it:
> >>
> >>
> >> slide 10 from
> >>
> >> https://events.linuxfoundation.org/sites/events/files/slides/LinuxCon_2014_Qubes_Tutorial.pdf
> >>
> >> Challenge: copy clipboard from VM “Alice” to VM “Bob”, don’t let VM
> >> “Mallory” learn
> >> its content in the meantime
> >>
> >> Solved by introducing Qubes “global clipboard” to/from which copy/paste is
> >> explicitly
> >> controlled by the user (Ctrl-Shift-C, Ctrl-Shift-V)
> >>
> >> Requires 4 stages:
> >> Ctrl-C (in the source VM)
> >> Ctrl-Shift-C (tells Qubes: copy this VM buffer into global clipboard)
> >> Ctrl-Shift-V (in the destination VM: tells Qubes: make global clipboard
> >> available to this VM)
> >> Ctrl-V (in the destination VM)
> >> Ctrl-Shift-C/V cannot be injected by VMs (unspoofable key combo).
> >>
> >> In practice almost as fast as traditional 2-stage copy-paste (don’t freak
> >> out! ;)
> 
> Thanks for suggesting that.
> 
> >>
> >>
> >> More technical explanation
> >>
> >> https://www.qubes-os.org/doc/CopyPaste/
> >
> > Would it not be easier for the user and for us to implement just Ctrl-Shift-C/V?
> 
> Frediano, I'm not following what you suggest here.
> Do you mean implement just one operation of the two ?
> 

Sort of. Let the guest handle its own copy&paste, which won't leave the guest space, but implement a super copy&paste (Ctrl-Shift-C/V) that copies outside the virtual machine or pastes from outside the virtual machine.

> Today we have two-stage copy/paste support: following steps 1 and 4
> above. Note that those steps involve applications on
> the guest.
> Steps 2,3 are done automatically when clipboard operation is requested.
> 
> The suggestion is to do steps 2,3 only upon specific request.
> 
> > The idea is:
> > - spice client sees the Ctrl-Shift-C
> > - spice sends a command to the agent
> > - agent injects a Ctrl-C to copy to the guest clipboard
> > - agent detects the new clipboard and copies it to the global one (as it knows it was a
> > Ctrl-Shift-C)
> > Or it could be implemented by the spice client instead of the agent (just having a
> > vm clipboard copied from the agent and a global one)
> 
> Thanks,
>      Uri.
> 
> 

I hope it is more clear now.

Frediano
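
The four-stage flow discussed in this thread, as an added toy model that is not part of the original messages and is not SPICE or Qubes code. The class, method and VM names are hypothetical; `gated=False` stands for steps 2 and 3 happening automatically, `gated=True` for doing them only on an explicit Ctrl-Shift-C/V that comes from the host keyboard.

```python
# Added illustration: a simplified model, all names hypothetical.
class ClipboardBroker:
    """Host-side broker that owns the global clipboard shared between VMs."""

    def __init__(self, vms, gated):
        self.gated = gated                       # True: steps 2 and 3 need an explicit request
        self.vm_clip = {vm: None for vm in vms}  # per-VM clipboards
        self.global_clip = None
        self.rejected = []                       # combos refused because a guest injected them

    def guest_copy(self, vm, data):
        """Step 1: Ctrl-C inside the guest."""
        self.vm_clip[vm] = data
        if not self.gated:                       # automatic mode: step 2 happens implicitly
            self.global_clip = data

    def guest_paste(self, vm):
        """Step 4: Ctrl-V inside the guest."""
        if not self.gated and self.global_clip is not None:
            self.vm_clip[vm] = self.global_clip  # automatic mode: step 3 happens implicitly
        return self.vm_clip[vm]

    def key_combo(self, focused_vm, combo, from_host_keyboard):
        """Steps 2 and 3: honoured only for key events from the host keyboard."""
        if not from_host_keyboard:
            self.rejected.append((focused_vm, combo))
            return False
        if combo == "Ctrl-Shift-C":
            self.global_clip = self.vm_clip[focused_vm]
        elif combo == "Ctrl-Shift-V":
            self.vm_clip[focused_vm] = self.global_clip
        else:
            return False
        return True


def run(gated):
    """Alice copies a constructed secret for Bob; return what each VM's paste yields."""
    b = ClipboardBroker(["alice", "bob", "mallory"], gated)
    b.guest_copy("alice", "constructed-secret")
    if gated:
        b.key_combo("alice", "Ctrl-Shift-C", from_host_keyboard=True)
    # Mallory's guest synthesises the combo itself while the data sits in the global clipboard.
    b.key_combo("mallory", "Ctrl-Shift-V", from_host_keyboard=False)
    mallory_sees = b.guest_paste("mallory")
    if gated:
        b.key_combo("bob", "Ctrl-Shift-V", from_host_keyboard=True)
    return {"bob": b.guest_paste("bob"), "mallory": mallory_sees, "rejected": b.rejected}
```
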

