[winswitch] secure clipboard syncing?

Antoine Martin antoine at nagafix.co.uk
Sun Oct 6 06:20:16 BST 2013


On 04/10/13 16:25, Thomas Koch wrote:
> On Wednesday, October 02, 2013 12:41:53 PM Antoine Martin wrote:
>> On 02/10/13 13:53, Timo Juhani Lindfors wrote:
>>> Hi,
>>>
>>> I recently became aware that if I keep xpra connections open to
>>> potentially malicious servers they can see everything that I copy to my
>>> clipboard. This is natural and often probably not a huge problem.
>>>
>>> However, would it be possible to have something like "--no-clipboard"
>>> that I could toggle at runtime so that I could enable clipboard syncing
>>> for one server just for the duration when I need to actively copy&paste
>>> stuff between that server and my local system?
>> That's exactly what the "Clipboard" toggle in your xpra system tray does.
> It might be a useful security enhancement to have a third option for the
> clipboard syncing besides on and off: Sync only on request.
You seem to misunderstand how the X11 clipboard works: what is
synchronized is not the clipboard contents themselves, but the ownership
of the clipboard selection.
In other terms: which application will provide the clipboard data when
requested by another application.
In our terms: which end (client or server) owns a particular clipboard
selection.
For more information, there are lots of pointers on the wiki:
http://xpra.org/trac/wiki/Clipboard
> This third option could be used for untrusted systems. I could define a 
> keybinding that would sync my current clipboard content from the local system 
> to the remote system.
>
> The other sync direction from remote to local could still remain enabled. The 
> only danger I can imagine is that the guest system could put compromising 
> commands in my clipboard in exactly the right moment before I paste from my 
> clipboard into my local (root) shell. But how should an attacker know the right
> moment?
There is already a ticket for limiting the clipboard direction:
http://xpra.org/trac/ticket/276
It would not be very difficult to implement, but it isn't high on the
priority list either.
These sorts of options are usually added to the tray menu and adding a
key shortcut would be just a matter of adding an option to the
"--key-shortcut=XXX" command line option.

Please also note that the paranoid can already use clipboard contents
filters:
http://xpra.org/trac/ticket/274
I am in no way claiming that it is possible to provide a comprehensive
list of regular expressions that would filter out all dangerous
clipboard data - just mentioning that the option exists.

Antoine

>
> Regards, Thomas Koch
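
The controls discussed in this thread (limiting the clipboard direction, a one-shot "sync only on request" toggle, and regular-expression content filters), modelled at the point where one end answers a selection request. This is an added example, not part of the original message and not xpra's code; the class, method and direction names are hypothetical, the sample data is constructed, and treating a filter match as "block the transfer" is an assumption.

```python
import re
from dataclasses import dataclass

# Hypothetical direction names, not xpra option values.
TO_SERVER, TO_CLIENT = "to-server", "to-client"


@dataclass
class ClipboardGate:
    """Decides whether this end hands over selection data when the peer asks."""
    allowed: frozenset = frozenset({TO_SERVER, TO_CLIENT})  # permitted directions
    on_request: bool = False   # local-to-remote only after an explicit arm()
    filters: tuple = ()        # compiled regexes; a match blocks the transfer
    armed: bool = False

    def arm(self):
        """What a key shortcut would call: permit one local-to-remote transfer."""
        self.armed = True

    def release(self, direction, data):
        """Return the data to send, or None if the policy blocks it."""
        if direction not in self.allowed:
            return None
        if direction == TO_SERVER and self.on_request:
            if not self.armed:
                return None
            self.armed = False  # one-shot: consumed by this request
        if any(rx.search(data) for rx in self.filters):
            return None
        return data


def demo():
    """Run constructed requests through a gate and collect the outcomes."""
    key_filter = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
    gate = ClipboardGate(on_request=True, filters=(key_filter,))
    out = [gate.release(TO_SERVER, "hello")]          # blocked: not armed
    gate.arm()
    out.append(gate.release(TO_SERVER, "hello"))      # allowed once
    out.append(gate.release(TO_SERVER, "hello"))      # blocked: arm consumed
    gate.arm()
    out.append(gate.release(TO_SERVER, "-----BEGIN RSA PRIVATE KEY-----\nMII"))
    gate.arm()
    # A secret that no filter anticipates still passes: filters are not complete.
    out.append(gate.release(TO_SERVER, "correct horse"))
    # Remote-to-local stays enabled, so the local user must still check pastes.
    out.append(gate.release(TO_CLIENT, "uptime\n"))
    return out


if __name__ == "__main__":
    print(demo())
```
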



