Hey, On Tue, Jan 09, 2018 at 09:46:48AM -0500, Marc-André Lureau wrote: > ----- Original Message ----- > > This is used to prevent unfocused guests from sniffing the clipboard > > content without the host or other guests noticing. This can be a > > security issue if any VM can track the clipboard activity in the > > session. > > This commit sets a boolean in SpiceGtkSession on focus in/out events. > > The client -> guest sending of clipboard data is then delayed until the > > window is focused again. This behaviour matches the behaviour we get on > > Wayland. > > > > This mostly solves https://bugzilla.redhat.com/show_bug.cgi?id=1320263 > > As Hans corrected in the bug, the data isn't actually transferred until the guest actually requested it. > > Now, a malicious guest could try to get the clipboard content in a loop, even without previous notification of clipboard content. Yes, that's the issue, for example 'watch xsel -o --clipboard' > However, isn't this true for any application running in the client > desktop? What makes Spice guest different here? And by that I mean > that the problem shouldn't probably be solved at the spice/spice-gtk > level. What makes spice different here is that it's used to access a VM, and a VM is supposed to give you isolation. If some hostile code is running in the VM, its impact on the host/client OS should be minimal. The fact that a VM with an open client connection can monitor everything that goes in the clipboard breaks that isolation. For example, I have a ton of password going through my clipboard, which I don't necessarily want VM to have direct access to. > I am not that familiar with Wayland clipboard behaviour, could you > explained what changed? That could help me to understand this patch > better. I'll detail this in the commit log, but if you try the 'watch' command from above in a VM, then copy something to your clipboard on the client, you'll notice that the clipboard content shows up in the VM only after you give it focus. In a way, this answers your "this shouldn't be solved at the spice/spice-gtk level" concern, and this was indeed solved at a different level. However, we still have the issue on x11 for now. Christophe
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel