[Spice-devel] RFC [spice-gtk] session: Allow to delay sending clipboard to the guest

Jakub Janku jjanku at redhat.com
Thu Jan 11 16:34:15 UTC 2018 

On Thu, Jan 11, 2018 at 3:29 PM, Marc-André Lureau
<marcandre.lureau at redhat.com> wrote:
>
> Hi
>
> ----- Original Message -----
> > On Wed, Jan 10, 2018 at 06:48:14PM -0500, Marc-André Lureau wrote:
> > > Hi
> > >
> > > ----- Original Message -----
> > > > On Tue, Jan 09, 2018 at 12:16:33PM -0500, Marc-André Lureau wrote:
> > > > > I think it's problematic for traditional applications as well.
> > > > > clipboard access is probably going to be limited by default and only
> > > > > accessed through so-called "portals", just like file access etc. This
> > > > > topic should be brought on desktop / flatpak mailing list.
> > > >
> > > > Maybe in some distant future, all applications everyone is running will
> > > > be flatpak, and will be using portals to improve security. The same
> > > > thing can be said regarding wayland, which does not have this issue.
> > > > Some time in the future, this will become a non-issue. However, solving
> > > > this now on x11 is definitely not something which should be related to
> > > > portals/flatpak in my opinion.
> > >
> > > I propose a --spice-disable-clipboard, and client UI to switch on/off
> > > clipboard sharing functionality.
> > >
> > > Something different will likely break some clipboard users or lower
> > > experience.
> >
> > One additional note on that, I was initially worried about which use
> > cases were going to be broken by these changes. Then I realized that the
> > very same use cases would be broken when using wayland (after taking into
> > account Jakub's comments). Since this potential breakage will happen
> > anyway whether we want it or not, it's not going to make a big
> > difference if we do the same when running on  X11.
>
> So this change isn't needed for Wayland, and your patch changes the clipboard behaviour to be similar as Wayland.
>
> Why couldn't this be done at Gtk level? This would give a similar clipboard behaviour for all Gtk app wether they run on Wayland or X, or windows etc. They would also benefit the same "added security".

Do you think this change would make it to GTK3? I think it could
potentially break some apps. Note that e.g. spice-vdagent takes
advantage of this "security issue" in X11 - it has no window and
listens for the clipboard changes all the time.
(it seems that clipboard system for GTK 4 has been reworked quite a
bit - see https://git.gnome.org/browse/gtk+/log/?h=wip/otte/clipboard
- this is already merged into master)

Cheers,
  Jakub

More information about the Spice-devel mailing list