[Spice-devel] [spice-gtk [rfc] 0/2] Clipboard managers and Spice

Victor Toso victortoso at redhat.com
Wed Jan 16 06:03:45 UTC 2019


Hi,

On Wed, Jan 16, 2019 at 12:08:31AM +0400, Marc-André Lureau wrote:
> On Tue, Jan 15, 2019 at 8:11 PM Victor Toso <victortoso at redhat.com> wrote:
> >
> > From: Victor Toso <me at victortoso.com>
> >
> > Hi,
> >
> > Several iteractions trying to avoid some bug in X11 but in the end I
> > found the iteraction with Clibpoard managers (or any other application
> > that request/set clipboard data) a bit more urgent.
> >
> > Simple try here, to not allow another application to request clipboard
> > data from guest while the user is theoretically interacting with that
> > guest machine as spice client holds the keyboard-grab.
> >
> > As pointed out by elmarco [0], that might be something desireable. So,
> > I'm introducing the possibility to enable it but have it disabled by
> > default.
> 
> Iho, this kind of desktop policy doesn't belong in spice-gtk.

Spice protocol implements this grab/request/release and who
send/receive those messages should be wary of them.

> If you don't trust the desktop, how can you trust the client
> itself?

What? How many process do you have running in you machine? Do you
know every little thing about them? Do you expect all users to
trust every piece of software running on all target desktops?

For all I know, browsers might run malicious javascript code that
interact with clipboard; X11 is bad by design in ta regard; In
GNOME3, GPaste running with x11 backend was able to get clipboard
data

> Isn't it already the clipboard behaviour on Wayland?

Why you bring 'wayland' on a generic proposal while you nack x11
proposal by bringing 'not being generic'?

> If really more secure, shouldn't it be enforced at a
> lower-level, at gtk level?

Gtk handles application policies. Spice, in some regards, should
extend that, if the rationale here is good enough for that.

> In any case, I don't think this needs to delay v0.36, since
> it's not a regression. Hopefully, you agree and we can solve
> this for the next release.

You are eager to do a release :)

I should probably have put the 'since 0.37' for the proposal but
this is jut a RFC, I wish we could discuss why this is important
instead of merging it quickly for a release or not.

(so, yes, go ahead with the release and thanks for pushing for
that!)

> > Tested on X11 and Wayland clients.
> >
> > There are more than on away to achieve this idea so feedback is welcome.
> >
> > I expect that the spice client would implement some sort to commandline
> > option like --allow-clipobard-managers to enable/disable the
> > SpiceGtkSession property on the fly. For now, there is an option in
> > spicy testing tool.
> >
> > James, would be great if you could verify if this series keep your
> > environment bug free.
> >
> > Cheers,
> >
> > Victor Toso (2):
> >   gtk-session: introduce clipboard-managers property
> 
> 
> >   gtk-session: add request targets delayed
> >
> >  src/spice-gtk-session.c | 128 +++++++++++++++++++++++++++++++++++++---
> >  tools/spicy.c           |   6 ++
> >  2 files changed, 125 insertions(+), 9 deletions(-)
> >
> > --
> > 2.20.1
> >
> 
> 
> --
> Marc-André Lureau

Victor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.freedesktop.org/archives/spice-devel/attachments/20190116/acbff8d3/attachment-0001.sig>


More information about the Spice-devel mailing list