Proxying Wayland for security
Simon Ser
contact at emersion.fr
Wed Jul 28 13:42:31 UTC 2021
On Wednesday, July 28th, 2021 at 15:36, Alyssa Ross <hi at alyssa.is> wrote:
> That's good to know, but even so, there's no way for the compositor to
> know that the interaction corresponds to a user intent to paste. So an
> application could still abuse a mouseover, or just some unrelated typing
> in its window, to read the clipboard contents when the user wasn't
> expecting it to.
A mouse-over shouldn't be enough. Typing events shouldn't be relayed
to the malicious client if it doesn't have focus. So the user would
really need to manually give focus to the malicious client for it to
be able to read the clipboard.
Yes, a wide transparent window can fool the user into doing this.
Compositor-side toplevel decorations can mitigate this a bit. Also clicks
captured by the malicious client won't go through so the user _should_
notice. I agree it's still not that great, but compositors can implement
more checks as they see fit, and we're not 50% of the way there anyways.
More information about the wayland-devel
mailing list