Hi ----- Original Message ----- > Hey, > > On Tue, Jan 09, 2018 at 09:46:48AM -0500, Marc-André Lureau wrote: > > ----- Original Message ----- > > > This is used to prevent unfocused guests from sniffing the clipboard > > > content without the host or other guests noticing. This can be a > > > security issue if any VM can track the clipboard activity in the > > > session. > > > This commit sets a boolean in SpiceGtkSession on focus in/out events. > > > The client -> guest sending of clipboard data is then delayed until the > > > window is focused again. This behaviour matches the behaviour we get on > > > Wayland. > > > > > > This mostly solves https://bugzilla.redhat.com/show_bug.cgi?id=1320263 > > > > As Hans corrected in the bug, the data isn't actually transferred until the > > guest actually requested it. > > > > Now, a malicious guest could try to get the clipboard content in a loop, > > even without previous notification of clipboard content. > > Yes, that's the issue, for example 'watch xsel -o --clipboard' > > > However, isn't this true for any application running in the client > > desktop? What makes Spice guest different here? And by that I mean > > that the problem shouldn't probably be solved at the spice/spice-gtk > > level. > > What makes spice different here is that it's used to access a VM, and a > VM is supposed to give you isolation. If some hostile code is running in > the VM, its impact on the host/client OS should be minimal. The fact > that a VM with an open client connection can monitor everything that > goes in the clipboard breaks that isolation. For example, I have a ton > of password going through my clipboard, which I don't necessarily want > VM to have direct access to. Spice isn't that tied to the VM or isolation concept. It's a remote display protocol, aiming to blur the lines between remote and locate applications or desktop. As such, it's not that different from say, the X protocol or the Wayland protocol... > > > > I am not that familiar with Wayland clipboard behaviour, could you > > explained what changed? That could help me to understand this patch > > better. > > I'll detail this in the commit log, but if you try the 'watch' command > from above in a VM, then copy something to your clipboard on the client, > you'll notice that the clipboard content shows up in the VM only after > you give it focus. In a way, this answers your "this shouldn't be solved > at the spice/spice-gtk level" concern, and this was indeed solved at a > different level. However, we still have the issue on x11 for now. Ok, but then I think we should accept the fact that this is a x11 "limitation", like many others x11 security issues. If not, try to fix it at a different level, like the toolkit. _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel