[winswitch] secure clipboard syncing?
thomas at koch.ro
Fri Oct 4 10:25:14 BST 2013
On Wednesday, October 02, 2013 12:41:53 PM Antoine Martin wrote:
> On 02/10/13 13:53, Timo Juhani Lindfors wrote:
> > Hi,
> > I recently became aware that if I keep xpra connections open to
> > potentially malicious servers they can see everything that I copy to my
> > clipboard. This is natural and often probably not a huge problem.
> > However, would it be possible to have something like "--no-clipboard"
> > that I could toggle at runtime so that I could enable clipboard syncing
> > for one server just for the duration when I need to actively copy&paste
> > stuff between that server and my local system?
> That's exactly what the "Clipboard" toggle in your xpra system tray does.
It might be a useful security enhancement to have a third option for the
clipboard syncinc besides on and off: Sync only on request.
This third option could be used for untrusted systems. I could define a
keybinding that would sync my current clipboard content from the local system
to the remote system.
The other sync direction from remote to local could still remain enabled. The
only danger I can imagine is that the guest system could put compromising
commands in my clipboard in exactly the right moment before I paste from my
clipboard into my local (root) shell. But how should an attacker now the right
Regards, Thomas Koch
More information about the shifter-users