I see that copying files into dom0 is not advised but it’s not clear what the alternative is for getting configuration files.
For example, I’m looking at some of the i3 configuration examples such as the i3 config file and dmenu script. These are only useful in dom0, yet dom0 has no network access. So how would one get these kinds of files into dom0 without downloading them into an appVm and copying them as is advised against?
Or is this an exception to the rule?
The page you have referenced tells you how to copy files to dom0,
as you are aware.
Configuration files are within the “few reasons” that are clearly
acceptable.
You can inspect the files and confirm that they are plain text and
harmless within the Qubes context.
The same would go for Salt states and configuration files, though there
is more scope here for error if you are unclear about Salt.
Thanks for the clarification. As a newbie still trying to wrap my head around the qubes security model, I would say it’s not necessarily so clear.
At the risk of being overly paranoid, the reason it’s suggested that you not copy into dom0 is that you’re moving files from a less trusted environment which could “compromise the security of your Qubes system”. Theoretically if the vm you’re copying from is compromised and there’s an exploitable bug in whatever tool you use on dom0 to inspect the file (e.g., cat) the file could be malicious and yet appear benign. Perhaps such an exploit in such a basic tool is Game Over anyway.
Probably so: if you have doubts you could use multiple tools. If cat
is exploitable then you are probably hosed just getting the file into
dom0.
On secure systems I would always type in configuration and salt files in
dom0.
One point that needs to be made is that in many cases, there is no
issue in simply copying files to a higher security qube (including
dom0).
The problems come when those files are used.
And since most users are not careful it’s better not to raise the risk
profile. That’s why it is difficult to copy files in to dom0, and
sensible to use a qrexec policy to prohibit copying files in to high
security qubes.