xpra icon
Bug tracker and wiki

Opened 5 years ago

Last modified 8 months ago

#273 accepted enhancement

handle more clipboard formats, converting them on the fly

Reported by: Antoine Martin Owned by: Antoine Martin
Priority: minor Milestone: 3.0
Component: core Version:
Keywords: clipboard security Cc:

Description

At the moment, we simply drop these types of clipboard data:

if type in ("WINDOW", "PIXMAP", "BITMAP", "DRAWABLE", "PIXEL", "COLORMAP"):
    debug("skipping clipboard data of type: %s, format=%s, len(data)=%s", dtype, dformat, len(data))
    return None, None

We could try to handle some of those, and provide them in multiple formats since we generally have PIL available for converting between formats.

From a security POV, it probably makes sense to always convert formats so that we can "guarantee" that the data we send over the wire is not malicious?
Think: an application providing a JPEG based buffer overflow via the clipboard: worst case scenario is that the xpra server crashes parsing it or maybe it gets compromised, but the client machine will not receive the malicious content directly.
But then again, if you can exploit the server, you can then inject the bad content in there.. I guess it's still a first line of defense.

Change History (6)

comment:1 Changed 5 years ago by Antoine Martin

Milestone: 0.91.0
Status: newaccepted

comment:2 Changed 4 years ago by Antoine Martin

Now that both OSX and win32 are using synchronous clipboard code (pretty much) and OSX is using at least some native call (see #318 for details)
It probably makes sense to use native libraries directly for accessing rich formats:

comment:4 Changed 17 months ago by Antoine Martin

Milestone: 1.01.1

Milestone renamed

comment:5 Changed 15 months ago by Antoine Martin

Milestone: 1.12.0

Milestone renamed

comment:6 Changed 8 months ago by Antoine Martin

Milestone: 2.03.0
Note: See TracTickets for help on using tickets.