On Wednesday, October 02, 2013 12:41:53 PM Antoine Martin wrote:
> On 02/10/13 13:53, Timo Juhani Lindfors wrote:
> > Hi,
> >
> > I recently became aware that if I keep xpra connections open to
> > potentially malicious servers they can see everything that I copy to my
> > clipboard. This is natural and often probably not a huge problem.
> >
> > However, would it be possible to have something like "--no-clipboard"
> > that I could toggle at runtime so that I could enable clipboard syncing
> > for one server just for the duration when I need to actively copy&paste
> > stuff between that server and my local system?
>
> That's exactly what the "Clipboard" toggle in your xpra system tray does.

It might be a useful security enhancement to have a third option for the clipboard syncing besides on and off: Sync only on request. This third option could be used for untrusted systems. I could define a keybinding that would sync my current clipboard content from the local system to the remote system. The other sync direction from remote to local could still remain enabled.

The only danger I can imagine is that the guest system could put compromising commands in my clipboard in exactly the right moment before I paste from my clipboard into my local (root) shell. But how should an attacker know the right moment?

Regards,

Thomas Koch

_______________________________________________
shifter-users mailing list
http://lists.devloop.org.uk/mailman/listinfo/shifter-users
