Mitigate GUI DoS (part 2: qvm-xkill)

Can close windows of a VM while it's paused, and can not accidentally
harm dom0 by errant clicking.

Discussion in https://github.com/QubesOS/qubes-issues/issues/881

Thanks to rustybird for suggested implementation.
Jean-Philippe Ouellet 2016-11-26 21:59:16 -05:00
parent 73ba5f805b
commit be1d984364
No known key found for this signature in database
GPG Key ID: E7E455013D042EA1
2 changed files with 13 additions and 0 deletions

10
qvm-xkill Normal file

@ -0,0 +1,10 @@
#!/bin/sh
set -e
ID=$(xdotool selectwindow)
xprop -id "$ID" _QUBES_VMNAME | grep -q ' = ' \
|| { echo "${0##* /}: Not killing dom0 window $ID" >&2; exit 1; }
xdotool windowkill "$ID"
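Review bot: The `xprop -id "$ID" _QUBES_VMNAME | grep -q ' = '` line is the only thing keeping a stray click from killing a dom0 window, yet the script does not say why the test is sufficient. It appears to rely on `_QUBES_VMNAME` being set only on VM windows and on xprop printing no ` = ` when the property is absent (which also makes an xprop failure refuse the kill), so I would add a comment above it such as `# fail closed: only VM windows carry _QUBES_VMNAME; without it xprop prints no ' = '`. `xdotool windowkill` kills the X client that owns the window rather than closing a single window, so if several windows of a VM share one dom0-side client (not visible here) one click removes them all; that is worth a line in a header comment. As rendered, `${0##* /}` contains a space and would leave the full path in the error message; if the space is in the file rather than an extraction artifact, it should read `${0##*/}`.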


@ -48,6 +48,7 @@ BuildRequires: qubes-libvchan-devel
Requires: qubes-core-dom0
Requires: qubes-utils >= 3.1.3
Requires: %{name}-kernel-install
Requires: xdotool
%define _builddir %(pwd)
@ -159,6 +160,7 @@ install -m 644 -D system-config/75-qubes-dom0.preset \
$RPM_BUILD_ROOT/usr/lib/systemd/system-preset/75-qubes-dom0.preset
install -m 644 -D system-config/99-qubes-default-disable.preset \
$RPM_BUILD_ROOT/usr/lib/systemd/system-preset/99-qubes-default-disable.preset
install -m 755 qvm-xkill $RPM_BUILD_ROOT/usr/bin/
# file copy to VM
install -m 755 file-copy-vm/qfile-dom0-agent $RPM_BUILD_ROOT/usr/lib/qubes/
@ -283,6 +285,7 @@ chmod -x /etc/grub.d/10_linux
%config(noreplace) /etc/profile.d/zz-disable-lesspipe
/usr/lib/systemd/system-preset/75-qubes-dom0.preset
/usr/lib/systemd/system-preset/99-qubes-default-disable.preset
/usr/bin/qvm-xkill
# Man
%{_mandir}/man1/qvm-*.1*
%{_mandir}/man1/qubes-*.1*