I want to pass standard input securely from dom0 to domU (specific qubes). One possibility:
qvm-run -p my-qube "cat - > ~/local/path/file" < /some/file
-p can inherently be dangerous. Since dom0 also receives standard input from domU, it opens a potential attack vector for dom0:
--pass-io, -p pass stdio from remote program
Is there a way to enforce only one-way-passing of input in direction to less-privileged qubes in domU (dom0 → domU)?
I could do something like:
qvm-run -p my-qube "cat - > ~/local/path/file" < /some/file > /dev/null
Is that as secure as not passing -p at all, because any shell/terminal interpreting of qube input in dom0 is prevented by throwing it away?
Still I have to remember this every time. No one is perfect, mistakes will happen…
PS: Passing a file as standard input is only an example. It might as well be some code snippet via here doc.
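
One way to avoid having to remember the redirection, as an added example that is not part of the original post: a dom0 shell function that always discards both stdout and stderr coming back from the qube. The names `qvm_send` and `QVM_RUN` are hypothetical; `QVM_RUN` is an assumption added only so the function can be exercised with a stand-in instead of the real `qvm-run`.

```shell
# Added example (not from the original post): dom0-side helper that feeds
# stdin to a command in a qube and never lets the qube's output reach the
# dom0 terminal. qvm_send and QVM_RUN are hypothetical names.

qvm_send() {
    if [ "$#" -ne 2 ]; then
        echo "usage: qvm_send QUBE COMMAND  (data is read from stdin)" >&2
        return 2
    fi
    # Reject an empty qube name or one that would be parsed as an option.
    case "$1" in
        ''|-*)
            echo "qvm_send: invalid qube name" >&2
            return 2
            ;;
    esac
    # Refuse interactive use: input must come from a file, pipe or here-doc.
    if [ -t 0 ]; then
        echo "qvm_send: stdin is a terminal; redirect a file or here-doc" >&2
        return 2
    fi
    # Same invocation as in the post, but stdout AND stderr of the remote
    # command are thrown away in dom0 on every call.
    "${QVM_RUN:-qvm-run}" -p "$1" "$2" >/dev/null 2>&1
}
```

Usage mirrors the command in the post: `qvm_send my-qube "cat - > ~/local/path/file" < /some/file`. The function returns whatever exit status the underlying command reports.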