From 396efbd096df1d5c21ac5af6d10056a197a24490 Mon Sep 17 00:00:00 2001 From: Joanna Rutkowska Date: Tue, 11 Dec 2012 18:51:08 +0000 Subject: [PATCH] CopyPaste changed Added stub for Clipboard policy enforcement --- CopyPaste.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CopyPaste.md b/CopyPaste.md index 172832b6..b79d80be 100644 --- a/CopyPaste.md +++ b/CopyPaste.md @@ -24,3 +24,8 @@ On Copy/Paste Security The scheme is *secure* because it doesn't allow other VMs to steal the content of the clipboard. However, one should keep in mind that performing a copy and paste operation from *less trusted* to *more trusted* domain can always be potentially insecure, because the data that we insert might potentially try to exploit some hypothetical bug in the destination VM (e.g. the seemingly innocent link that we copy from untrusted domain, might turn out to be, in fact, a large buffer of junk that, when pasted into the destination VM's word processor could exploit a hypothetical bug in the undo buffer). This is a general problem and applies to any data transfer between *less trusted to more trusted* domain. It even applies to copying files between physically separate machines (air-gapped) systems. So, you should always copy clipboard and data only from *more trusted* to *less trusted* domains. See also [​this article](http://theinvisiblethings.blogspot.com/2011/03/partitioning-my-digital-life-into.html) for more information on this topic, and some ideas of how we might solve this problem in some future version of Qubes. + +Clipboard automatic policy enforcement +-------------------------------------- + +TODO