[Spice-devel] [spice-gtk [rfc] 0/2] Clipboard managers and Spice

Mon Feb 11 15:04:08 UTC 2019

On Mon, Feb 11, 2019 at 3:05 PM Victor Toso <victortoso at redhat.com> wrote:
>
> Hi,
>
> On Mon, Feb 11, 2019 at 02:46:55PM +0100, Jakub Janku wrote:
> > Hi,
> >
> > not a full review, but this is my main concern with this series:
> >
> > If you enable the new --allow-clipboard-managers property, the
> > behaviour stays the same as it is at the moment, so you're basically
> > enabling a bug in the code and it's being advertised as a feature.
> > This seems just wrong to me.
> >
> > Given that this use-case seems rather rare and that a fix of the race
> > (most likely) requires a change of the protocol, I'm still in favour
> > of accepting a patch like [0] that you sent earlier:
> >
> > [0] https://lists.freedesktop.org/archives/spice-devel/2019-January/047192.html
>
> Those things are unrelated. This series does not intend to solve
> the bug, but to take in consideration sharing or not clipboard in
> situations that might be unexpected.
>
> That is, if user is browsing a website in Firefox app while
> remote-viewer might be sending clipboard changes to remote guest
> or, similarly, user is interacting with some App in the remote
> guest and another application in the client is eavesdropping
> that.
>
> I would like to disable by default those scenarios and if user
> really wants that behavior, it should so something like
> --allow-clipboard-managers.

Ah, I see, so this series tries to address security concerns, correct?

Sorry, I got confused as you mentioned this series today in the
discussion on the patch I linked here:
"The fact that the patch in this mail thread is related to keyboard-grab
was the reason to be nacked. If you want to discuss that, we might move
along to that thread on clibpoard-managers, sent as RFC"

Apart from that, if allow_clipboard_managers is set to FALSE, the
behaviour matches the one with the patch that does try to solve the
bug, although the rationale is different.

>
> > Cheers,
> > Jakub
> >
> > On Tue, Jan 15, 2019 at 5:11 PM Victor Toso <victortoso at redhat.com> wrote:
> > >
> > > From: Victor Toso <me at victortoso.com>
> > >
> > > Hi,
> > >
> > > Several iteractions trying to avoid some bug in X11 but in the end I
> > > found the iteraction with Clibpoard managers (or any other application
> > > that request/set clipboard data) a bit more urgent.
> > >
> > > Simple try here, to not allow another application to request clipboard
> > > data from guest while the user is theoretically interacting with that
> > > guest machine as spice client holds the keyboard-grab.
> > >
> > > As pointed out by elmarco [0], that might be something desireable. So,
> > > I'm introducing the possibility to enable it but have it disabled by
> > > default.
> > >
> > > Tested on X11 and Wayland clients.
> > >
> > > There are more than on away to achieve this idea so feedback is welcome.
> > >
> > > I expect that the spice client would implement some sort to commandline
> > > option like --allow-clipobard-managers to enable/disable the
> > > SpiceGtkSession property on the fly. For now, there is an option in
> > > spicy testing tool.
> > >
> > > James, would be great if you could verify if this series keep your
> > > environment bug free.
> > >
> > > Cheers,
> > >
> > > Victor Toso (2):
> > >   gtk-session: introduce clipboard-managers property
> > >   gtk-session: add request targets delayed
> > >
> > >  src/spice-gtk-session.c | 128 +++++++++++++++++++++++++++++++++++++---
> > >  tools/spicy.c           |   6 ++
> > >  2 files changed, 125 insertions(+), 9 deletions(-)
> > >
> > > --
> > > 2.20.1
> > >