retsl retsl
retsl
/ ClipGuard.swift
Last active
May 11, 2025 21:21
A proof of concept to authorise copy/paste events between a Mac host and VM
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| OVERVIEW | |
| -------- | |
| * Assumes that it is safe to allow untrusted hosts to connect via (properly configured) SSH | |
| * The options for authorized_keys are taken from forgejo's authorized_keys[^authorized_keys], | |
| so they should provide enough isolation | |
| * Uses swift to be able to display the VM name and action (copy/paste) in the Touch ID prompt | |
| * This does not seem to be possible with sudo, which afaict is the only way to launch a Touch ID | |
| prompt from the shell | |
| * With the text used for Touch ID prompts hardcoded in the authorized_keys commands, VMs shouldn't |