From: William Hubbs <w.d.hubbs@gmail.com>
To: speakup mailing list <speakup@braille.uwo.ca>
Subject: clipboard integration -- possible security implications
Date: Tue, 20 Oct 2009 16:00:34 -0500 [thread overview]
Message-ID: <20091020210034.GB32242@linux1> (raw)
All,
There have been a couple of requests to integrate the speakup cut/paste
functionality with the X clipboard so that cutting something to the
speakup clipboard also puts that data on the x clipboard and vice versa
so that you could cut and paste between the console and the gui.
Chris and I were discussing this today on IRC and we think there are
possible security implications.
The first concern is that X is multi user. I don't know if orca works
this way, but it is possible for multiple users to run X servers on one
computer and have the displays redirected to their own computers.
If we were to modify X so that putting something on an X clipboard
would also put it in speakup's clipboard, there is no way to know what
would be in speakup's clipboard at any point in a multi user situation.
We also thought about exposing the speakup clipboard as a sys file so
you could just access it with xclip and copy it into the X clipboard.
The concern is that in order for this to be useful, it would have to be
either group or world readable so that you didn't have to become root
every time you wanted to copy from the speakup clipboard to the gnome
clipboard. Since you can store any information, including personal
information, in the clipboard, this opens up a security hole. Someone
could read the sys file without you knowing about it and they would have
whatever information was in the file when they read it.
Any feedback, comments, etc are welcome. Please let us know what you
think.
William
next reply other threads:[~ UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
William Hubbs [this message]
` Zachary Kline
` Glenn Ervin
` Chris Brannon
` Tony Baechler
` William Hubbs
` Gregory Nowak
` Jason White
` Tony Baechler
` William Hubbs
` Tony Baechler
` Chris Brannon
` Gaijin
` Chris Brannon
` Tony Baechler
` William Hubbs
` Tony Baechler
` Chris Brannon
` Steve Holmes
` Tony Baechler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091020210034.GB32242@linux1 \
--to=w.d.hubbs@gmail.com \
--cc=speakup@braille.uwo.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).