Skip to content

Commit 8da080c

Browse files
andrewdavidwongandrewdavidwong
committed
Update QubesOS/qubes-issues#8332 service name and explanation
1 parent cb4ec61 commit 8da080c

File tree

1 file changed

+5
-1
lines changed

1 file changed

+5
-1
lines changed

developer/releases/4_2/release-notes.md

+5-1
Original file line numberDiff line numberDiff line change
@@ -54,7 +54,11 @@ We strongly recommend [updating Qubes OS](/doc/how-to-update/) immediately after
5454

5555
- Qubes 4.2 does not support Debian 11 templates (see [supported template releases](/doc/supported-releases/#templates)). Please [upgrade your Debian templates](/doc/templates/debian/#upgrading) to Debian 12.
5656

57-
- Qubes 4.2.2 includes a fix for [#8332: File-copy qrexec service is overly restrictive](https://github.com/QubesOS/qubes-issues/issues/8332). As explained in the issue comments, a change was introduced in Qubes 4.2.0 that caused inter-qube file-copy/move actions to reject filenames containing, e.g., non-Latin characters and certain symbols. This was a backward-incompatible change that should not have been introduced in a minor release. The fix replaces the default file-copy qrexec service that exists in Qubes 4.2.0 and 4.2.1 (`qubes.Filecopy`) with a less restrictive file-copy qrexec service that restores the pre-4.2 behavior (`qubes.Filecopy+allow-all-bytes`). Users who wish to preserve the more restrictive 4.2.0 and 4.2.1 behavior can do so by modifying their RPC policy rules to use the more restrictive service. To switch a single rule to the more restrictive behavior, change `*` in the argument column to `+` (i.e., change "any argument" to "only empty"). To use the more restrictive behavior globally, add a "deny" rule for `qubes.Filecopy+allow-all-bytes` before all other relevant rules. For more information, see [RPC policies](/doc/rpc-policy/) and [Qube configuration interface](/doc/vm-interface/#qubes-rpc).
57+
- Qubes 4.2.2 includes a fix for [#8332: File-copy qrexec service is overly restrictive](https://github.com/QubesOS/qubes-issues/issues/8332). As explained in the issue comments, we introduced a change in Qubes 4.2.0 that caused inter-qube file-copy/move actions to reject filenames containing, e.g., non-Latin characters and certain symbols. The rationale for this change was to mitigate the security risk associated with unusual unicode characters and invalid encoding in filenames, which some software might handle in an unsafe manner and which might cause confusion for users. This change represents a trade-off between security and usability.
58+
59+
After the change went live, we received several user reports indicating more severe usability problems than we had anticipated. Moreover, these problems were prompting users to resort to dangerous workarounds (such as packing files into an archive format prior to copying) that carry far more risk than the original risk posed by the unrestricted filenames. In addition, we realized that this was a backward-incompatible change that should not have been introduced in a minor release in the first place. Therefore, we have decided, for the time being, to restore the original (pre-4.2) behavior by replacing the file-copy qrexec service from Qubes 4.2.0 and 4.2.1 (`qubes.Filecopy`) with a less restrictive service (`qubes.Filecopy+allow-all-names`).
60+
61+
Users who wish to use the more restrictive 4.2.0 and 4.2.1 behavior can do so by modifying their RPC policy rules to use the more restrictive service. To switch a single rule to the more restrictive behavior, change `*` in the argument column to `+` (i.e., change "any argument" to "only empty"). To use the more restrictive behavior globally, add a "deny" rule for `qubes.Filecopy+allow-all-names` before all other relevant rules. For more information, see [RPC policies](/doc/rpc-policy/) and [Qube configuration interface](/doc/vm-interface/#qubes-rpc).
5862

5963
## Download
6064

0 commit comments

Comments
 (0)