[Spice-devel] RFC [spice-gtk] session: Allow to delay sending clipboard to the guest

Javier Celaya javier.celaya at flexvdi.com
Wed Jan 17 10:16:41 UTC 2018


El vie, 12-01-2018 a las 08:05 -0500, Marc-André Lureau escribió:
> Hi
> 
> ----- Original Message -----
> > On Thu, Jan 11, 2018 at 12:35:36PM -0500, Marc-André Lureau wrote:
> > > > I agree with you that some help from the windowing/toolkit
> > > > would be good
> > > > to have, but in this case, I doubt we are going to be able to
> > > > do better
> > > > than managing this in spice-gtk.
> > > 
> > > Yet it is already being solved at a lower level, where you can
> > > actually
> > > enforce that behaviour.
> > 
> > Yes, it is solved with wayland. The question I'm asking/the problem
> > I'm
> > trying to solve is what do we do for existing systems using Xorg
> > and
> > gtk+3. With Xorg being phased out (which will still take a few
> > years),
> > and gtk+3 being phased out (again, will take at least a few years),
> > I
> > don't see this kind of clipboard behaviour changes going into
> > either of
> > these. Maybe I'm wrong, but assuming I'm not, then either we fix it
> > ("it" being xorg + gtk3) in spice-gtk even though that's not the
> > best
> > place, or we don't fix it at all.
> > 
> > If we decide to do something in spice-gtk, one option is to only
> > send
> > the clipboard when the window is focused, which will reduce the
> > attack
> > surface for everyone, and hopefully will have minimal impact.
> > Another option (which is not exclusive) is to add command-
> > line/runtime
> > ways of enabling/disabling clipboard sharing, which you will either
> > have
> > to know about it if it's enabled by default, or will be quite
> > disruptive
> > if we disable clipboard sharing by default.
> 
> Is it really a security reason the clipboard behaviour is different
> on Wayland? For me, this "share on focus" is not a more secure
> behaviour.

If I may, IMHO spicy is doing the "secure" thing here: You can select
to either share the clipboard automatically or manually with the
corresponding UI actions (copy/paste to/from guest). Doing it manually
will never expose your clipboard to the guest unadvertedly.

Adding these actions to other SPICE clients requires more work than the
"share on focus" feature, but as Marc-André says, some UI changes will
be required anyway.

> 
> > 
> > I'd lean towards doing "clipboard sharing for focused client" +
> > "command-line/runtime option, with clipboard sharing enabled by
> > default".
> 
> I'd rather stick with a simple command-line & runtime option.
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
> 
-- 

 

 






  
    
      
      
        
          
        
      

      
      
        Javier Celaya
      

      
      
        Chief Technology Officer

        
    
    
      
      
        
        javier.celaya at flexvdi.com
      

      
       
        
        +34 696 969 959 
      

      
      
         
        @j_celaya
      

      
        
        Legal Information and Privacy Policy
      

    
  


More information about the Spice-devel mailing list