On 7 Aug 2024 10:11 +0700, from maniku...@gmail.com (Max Nikulin): > https://lists.debian.org/msgid-search/zrbudbr0nuozn...@tuxteam.de > On 05/08/2024 11:26, to...@tuxteam.de wrote: >> On Sun, Aug 04, 2024 at 09:19:33PM +0200, Detlef Vollmann wrote: >>> gpg --decrypt --quiet key.asc | oathtool -b --totp - > [...] >> The xclip part just saves me the clickery. > > Ideally clipboard should be avoided to avoid exposure codes to sniffers. > Some kind of input method might be better. X11 XTest extension allows to > send key events to applications (see xdotool and xvkbd), but it is > considered as an insecure feature per se and may be disabled.
Anything running on X11 can monitor events from anything. So if something can monitor the clipboard, it can also monitor keystrokes. This is a six of one, half a dozen of the other situation. X11 is many things, but it's decidedly not an isolated environment for running untrusted code. -- Michael Kjörling 🔗 https://michael.kjorling.se “Remember when, on the Internet, nobody cared that you were a dog?”
