Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent ability to enable copy/paste from Guacamole VMs #7

Open
jonnyry opened this issue Nov 29, 2023 · 0 comments
Open

Prevent ability to enable copy/paste from Guacamole VMs #7

jonnyry opened this issue Nov 29, 2023 · 0 comments
Labels
enhancement New feature or request SATRE SATRE compliance

Comments

@jonnyry
Copy link

jonnyry commented Nov 29, 2023

Background

SATRE requirement 2.1.1 states:

2.1.1: You must not allow users to copy data out of your TRE via the system clipboard.
A TRE user must not be able to copy sensitive data out of a workspace using the system clipboard. A TRE may allow user to paste text into a workspace. This might not be relevant to your TRE, for example if your user interface does not have a clipboard.

The TRE does provide the ability for an administrator or workspace owner to restrict copy/paste functionality within Virtual Machines, by checking the "Disable Copy" and "Disable Paste" boxes during machine creation:

285842476-0f4ec253-68fa-4dbb-aea2-9213ae3b22f4

However as per https://github.com/nwsde/nwsde-satre/issues/43 this should be locked down further.

Implementation

Disable the ability to provision VMs with copy/paste facility:

  • grey out the "Disable 'Copy'" and "Disable 'Paste'" checkboxes
  • enforce this in backend infrastructure code, to ensure it can't be overriden
@jonnyry jonnyry added the enhancement New feature or request label Nov 29, 2023
@jonnyry jonnyry transferred this issue from another repository Dec 4, 2023
@jonnyry jonnyry added the SATRE SATRE compliance label Dec 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request SATRE SATRE compliance
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jonnyry