[winswitch] secure clipboard syncing?

Thomas Koch thomas at koch.ro
Fri Oct 4 10:25:14 BST 2013


On Wednesday, October 02, 2013 12:41:53 PM Antoine Martin wrote:
> On 02/10/13 13:53, Timo Juhani Lindfors wrote:
> > Hi,
> > 
> > I recently became aware that if I keep xpra connections open to
> > potentially malicious servers they can see everything that I copy to my
> > clipboard. This is natural and often probably not a huge problem.
> > 
> > However, would it be possible to have something like "--no-clipboard"
> > that I could toggle at runtime so that I could enable clipboard syncing
> > for one server just for the duration when I need to actively copy&paste
> > stuff between that server and my local system?
> 
> That's exactly what the "Clipboard" toggle in your xpra system tray does.

It might be a useful security enhancement to have a third option for the 
clipboard syncinc besides on and off: Sync only on request.

This third option could be used for untrusted systems. I could define a 
keybinding that would sync my current clipboard content from the local system 
to the remote system.

The other sync direction from remote to local could still remain enabled. The 
only danger I can imagine is that the guest system could put compromising 
commands in my clipboard in exactly the right moment before I paste from my 
clipboard into my local (root) shell. But how should an attacker now the right 
moment?

Regards, Thomas Koch



More information about the shifter-users mailing list