> On 17 Jan 2018, at 11:16, Javier Celaya <javier.celaya@xxxxxxxxxxx> wrote:
>
> El vie, 12-01-2018 a las 08:05 -0500, Marc-André Lureau escribió:
>> Hi
>>
>> ----- Original Message -----
>>> On Thu, Jan 11, 2018 at 12:35:36PM -0500, Marc-André Lureau wrote:
>>>>> I agree with you that some help from the windowing/toolkit
>>>>> would be good
>>>>> to have, but in this case, I doubt we are going to be able to
>>>>> do better
>>>>> than managing this in spice-gtk.
>>>>
>>>> Yet it is already being solved at a lower level, where you can
>>>> actually
>>>> enforce that behaviour.
>>>
>>> Yes, it is solved with wayland. The question I'm asking/the problem
>>> I'm
>>> trying to solve is what do we do for existing systems using Xorg
>>> and
>>> gtk+3. With Xorg being phased out (which will still take a few
>>> years),
>>> and gtk+3 being phased out (again, will take at least a few years),
>>> I
>>> don't see this kind of clipboard behaviour changes going into
>>> either of
>>> these. Maybe I'm wrong, but assuming I'm not, then either we fix it
>>> ("it" being xorg + gtk3) in spice-gtk even though that's not the
>>> best
>>> place, or we don't fix it at all.
>>>
>>> If we decide to do something in spice-gtk, one option is to only
>>> send
>>> the clipboard when the window is focused, which will reduce the
>>> attack
>>> surface for everyone, and hopefully will have minimal impact.
>>> Another option (which is not exclusive) is to add command-
>>> line/runtime
>>> ways of enabling/disabling clipboard sharing, which you will either
>>> have
>>> to know about it if it's enabled by default, or will be quite
>>> disruptive
>>> if we disable clipboard sharing by default.
>>
>> Is it really a security reason the clipboard behaviour is different
>> on Wayland? For me, this "share on focus" is not a more secure
>> behaviour.
>
> If I may, IMHO spicy is doing the "secure" thing here: You can select
> to either share the clipboard automatically or manually with the
> corresponding UI actions (copy/paste to/from guest). Doing it manually
> will never expose your clipboard to the guest unadvertedly.
Just curious, how does that work if you select a “Paste” menu option with the mouse instead of keyboard?
Thanks
Christophe
>
> Adding these actions to other SPICE clients requires more work than the
> "share on focus" feature, but as Marc-André says, some UI changes will
> be required anyway.
>
>>
>>>
>>> I'd lean towards doing "clipboard sharing for focused client" +
>>> "command-line/runtime option, with clipboard sharing enabled by
>>> default".
>>
>> I'd rather stick with a simple command-line & runtime option.
>> _______________________________________________
>> Spice-devel mailing list
>> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
>> https://lists.freedesktop.org/mailman/listinfo/spice-devel
>>
> --
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> Javier Celaya
>
>
>
>
> Chief Technology Officer
>
>
>
>
>
>
>
> javier.celaya@xxxxxxxxxxx
>
>
>
>
>
> +34 696 969 959
>
>
>
>
>
> @j_celaya
>
>
>
>
> Legal Information and Privacy Policy
>
>
>
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel@xxxxxxxxxxxxxxxxxxxxx
> https://lists.freedesktop.org/mailman/listinfo/spice-devel
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel