I’d like to use
qvm-run-vm from a vault VM to copy a password to a client’s clipboard, as such:
[vault]$ qvm-run-vm client "echo password | xclip -selection clipboard"
Will the password be logged anywhere in the client? For example running that command in a terminal puts in it my
.bash_history (obviously, and with default bash settings).
If I’m understanding the qrexec-internals documentation correctly, the
qrexec-fork-server is what executes the command sent by
qvm-run-vm. If this is correct, does
qrexec-fork-server leave behind any traces of the password? Would the password be exposed to programs that don’t already have access to the clipboard?