Being Unable to Easily Copy to dom0 Frustrating

wmrom2 · March 27, 2025, 5:55pm

I understand the risk of allowing this, because it means a malicious program or code could try to somehow copy code to dom0 and run it and so it would be a large attack vector.

But couldn’t this be occasionally enabled in dom0 to copy commands? It takes so much extra time to use cat and figure out the name of the VM, often disp. It probably takes 4 minutes if I’m doing it quickly, and sometimes there may be a lot to copy.

Please don’t tell me about the trade-off between convenience and security, but this is one of the most frustrating parts of Qubes.

solene · March 27, 2025, 6:34pm

Did you mean copy from dom0?

barto · March 27, 2025, 6:57pm

Seems exaggerated

unman · March 27, 2025, 11:50pm

I’m sorry you find this an issue.
It is, indeed. a trade off between convenience and security with the
balance here tipped to security, because of the importance of dom0.

You should rarely need to copy things in to dom0. But if you do, then
you could ease your pain by using a script to help you find a file and
copy it in to dom0.

It shouldn’t take long to figure out the name of the qube, since it’s
always displayed in the title bar of a window.

But a script based on:

#!/usr/bin/bash
cd /home/user/Downloads

if [ $# -eq 3 ]; then
  if [ $1 == 'l' ]; then
    qvm-run -p $2 -- "ls $3"
  else
    echo "get [l] QUBE PATH_FILE"
    exit
  fi
elif [ $# -eq 2 ]; then
qvm-run -u root -p $1 -- cat $2 > $(basename $2)
else
echo "get [l] QUBE PATH_FILE"
fi
exit

might ease your pain.

Of course, that’s just the basis for a script that might help.
I’m not sure I’d use it myself.

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.

wmrom2 · March 28, 2025, 2:18am

unman:

But a script based on:

#!/usr/bin/bash
cd /home/user/Downloads

if [ $# -eq 3 ]; then
  if [ $1 == 'l' ]; then
    qvm-run -p $2 -- "ls $3"
  else
    echo "get [l] QUBE PATH_FILE"
    exit
  fi
elif [ $# -eq 2 ]; then
qvm-run -u root -p $1 -- cat $2 > $(basename $2)
else
echo "get [l] QUBE PATH_FILE"
fi
exit

might ease your pain.

i get your point that i’m being lazy, it’s just these things add up over a long period of usage.

your reply also made me lolz

it’s also possible that i am just not understanding the script. it provides the same utility as looking at the window bar, right? because if so, that’s funny. if not, i need to learn more about scripting.

wmrom2 · March 28, 2025, 2:18am

no

wmrom2 · March 28, 2025, 2:19am

you’re probably smarter and quicker than i am

parulin · March 28, 2025, 6:38am

I don’t understand what you’re doing with dom0. Why not copy-paste things in another qube?

snorkelcake · March 28, 2025, 7:56am

Here is how I copypaste from a Qube to dom0: Write the desired content in the Qube into a text file. Then run qvm-run --pass-io ExactNameOfYourQube ‘cat /path/to/file.txt ’ in a dom0 terminal. Then you can copy your text in dom0 from the dom0-terminal. Not a great way to do it, but it works and I really rarely need it.

adw · March 28, 2025, 2:46pm

Why do you need to copy/paste into dom0 so much?