Re: [RFC 0/8] Clipboard - using MIME types

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

On Tue, Jun 05, 2018 at 05:55:44AM -0400, Frediano Ziglio wrote:
> > Hi,
> >
> > these patches introduce support for transferring arbitrary
> > type of clipboard data between spice-gtk client and linux
> > vdagent.
> >
> > At the moment, VDAgentClipboard* messages are used to
> > exchange data. These messages use spice-defined identifiers
> > to describe the type of data (such as
> > VD_AGENT_CLIPBOARD_UTF8_TEXT, VD_AGENT_CLIPBOARD_IMAGE_PNG,
> > ...) and hence the number of formats, in which data can be
> > transferred, is limited (see atom2agent[] in clipboard.c in
> > spice-vdagent).
> >
> > This series would intorduce new VDAgentSelection* messages
> > which use MIME types to identify the format of the data.
> >
> > Related: https://bugzilla.redhat.com/show_bug.cgi?id=1381906
> >
> > Cheers,
> > Jakub
> >
>
> What worry me more of this series is security and
> compatibility.  Beside code containing multiple integer
> overflows leading to possible buffer overflows I more worried
> by the design.
> Previously formats where fixed so more in control.

I think that spice clients should try to behave in similar way to
other desktop applications. Having a fixed subset is more control
but not too great user experience.

> What happens if you paste a rich text in HTML format containing
> javascript code for instance?

Maybe for some bothersome types we could have them blacklisted
(instead of whitelisting)

> I remember when HTML e-mail were introduced and basically we had
> security patches for years. This series is very similar. Did you
> try to break something or did you just assume nobody will try to
> break stuff?
> The other is compatibility. If you copy from Linux to Linux maybe
> will success but what happens if you try to copy rich text for
> instance from Windows to Linux or vice versa?
>
> Frediano

Cheers,
        toso

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/spice-devel
[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]     [Monitors]