I just stumbled on qvm-get-image and qvm-get-tinted-image (dom0 commands). To my surprise, these sanitize-copied arbitrary images from untrusted VM directly to dom0.
My take on this:
This makes it too easy to transfer files to dom0. Rather image transfer should be made difficult in a similar way to clipboard/text transfer from any VM to dom0.
Is there still any usage for these commands? Might it be even used to transfer background images?
Otherwise I would favor deleting them. If still needed, my suggestion is to reword the description:
Secure copy of images between any virtual machine to dom0
This is a suggestion to make dom0 more isolated and avoid confusion.
I copied an image by accident, misreading the command’s description and expecting something like copy between two different untrusted VMs. Having arbitrary image placed in dom0 was rather buffling for me.
Well they are not widely advertised or promoted, and they do have some use.
They were introduced as tradeoff between security and usability.
I still prefer the “full screen and screenshot” route for backgrounds.