On Thu, Mar 30, 2017 at 5:31 AM, Chris Laprise <tas...@openmailbox.org> wrote: > You don't even need to rely on the window title for the security aspect: The > _QUBES_VMNAME window property will tell you. For example: > > $ CUR_WINDOW=`xdotool getwindowfocus` > $ VMNAME=`xprop _QUBES_VMNAME -id $CUR_WINDOW | cut -d \= -f2 | tr -d '"'`
The issue I raise is not pasting into the wrong VM, I think that's easy enough to avoid already. The concern is pasting the wrong password into an expected site in the expected VM because that site spoofed its window title (which is under full javascript control) while dom0 observed it to choose which password to deliver. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CABQWM_BpjhE8YkEXe-rHnCuU3aXHKKkMCtzP1FqShyBLUKCZKA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
