My stupid secure clipboard idea for UNIX and X11

Discussion in 'all things UNIX' started by Gullible Jones, Dec 17, 2014.

  1. Gullible Jones (Registered Member; joined May 16, 2013; posts: 1,461)

    Currently X11 uses a global clipboard that lets any application spy on any other application, or control any other application. This is rubbish.

    My half-baked idea to fix this involves using named pipes, and inverting the usual copy-and-paste metaphor. Instead of copying and pasting, you prime an application to receive content, then make another application send the content.

    Creating the clipboard
    - On start, X generates a named pipe with mkfifo()

    Priming the clipboard
    - You mouse into some application and hit Ctrl-V
    - The application opens the named pipe in read mode

    Invoking the clipboard
    - You mouse to some other application where there is stuff to paste
    - You select the text/etc. to be pasted, and hit Ctrl-C
    - The second application opens the named pipe in write mode
    - It sends the stuff you've pasted as a raw stream of bytes
    - It then sends EOF to close the named pipe
    - The pasted content is read into the first application, and appears in its window

    Why?
    - Because named pipes are FIFO structures. There can be fifty readers, but only the first reader will receive the first message sent down the pipe.
    - Because named pipes are easy to use.
    - Because X already creates a bunch of other temporary files.
    - Because the current thing where any program can spy on the clipboard is just daft.
    - Because this is the only solution that makes any sense to me...

    What do you think?
     
  2. J_L (Registered Member; joined Nov 6, 2009; posts: 8,516)

    That would be better than a global clipboard viewable by any application, but practically I don't find it essential. Would be a nice change though.
     
  3. Hungry Man (Registered Member; joined May 11, 2011; posts: 9,148)

    Interesting. The nice thing about those pipes is that they'd be DAC controlled.

    Not sure how feasible it would be though.
     
  4. Gullible Jones (Registered Member; joined May 16, 2013; posts: 1,461)

    @Hungry Man I'm not sure about feasibility either. Though actually it would be better to open the clipboard FIFO before starting X proper, to avoid users on multihead systems stealing each other's clipboard messages!

    For actually sending the data. Hmm. I have absolutely no idea how the X11 clipboards are implemented, but the thing about pipes (and FIFOs) is that you can send anything through them. ASCII, Unicode, images, MP3s - anything that can be encoded as a stream of bytes.

    I think the problem might lie more in whether the clipboard stuff is client side, or part of the X server running as root. If the latter, that would break DAC completely. And I suspect that's the case, which would mean writing new clipboard stuff as client-side functionality somehow... I think.

    BTW this wouldn't necessarily have to be done through FIFOs. An ordinary (memory based) pipe would work. Or sockets. Or pretty much any kind of IPC now that I think about it. The concept is just that, instead of copying text into a global buffer and then pasting it somewhere, you're telling one program to accept text input, and another to send it. That way it can be directional and one-way - only the receiving program can have text written into it, or read the text that is sent. Much smaller window for snooping, that way.

    Mind, the elephant in the room here is keystroke logging, which I think is independent of clipboard stuff (and which we've been over before). That's a worse problem, and this scheme would do nothing for it...

    I dunno. I'll see if I can think of a way to improve that. I don't expect to get far, as I'm not much of a programmer and don't know X11. What I will say, though, is that I'm starting to think part of X's problem is that it eschews native UNIX IPC mechanisms in favor of its own weird stuff.

    (Never mind that much of it was written before const-correctness was a thing...)
     
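The prime-then-send exchange from the first post, combined with the DAC point raised in the replies, as an added example that is not part of the original thread or of any X11 code. It goes one step beyond the posts by having both sides verify, after opening, that the path really is a FIFO owned by the current user with no group/other permission bits. Assumptions: the function names `open_checked` and `clipboard_transfer` and the `/tmp/clipdemo-XXXXXX` path are hypothetical, and `fork()` stands in for two separate applications.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open the FIFO, then refuse it unless it really is a FIFO owned by us
 * with no group/other permission bits (the DAC property). */
static int open_checked(const char *path, int flags) {
    struct stat st;
    int fd = open(path, flags | O_NOFOLLOW);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISFIFO(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* One prime-then-send transfer. Returns bytes received in out, or -1. */
ssize_t clipboard_transfer(const char *msg, char *out, size_t cap) {
    char dir[] = "/tmp/clipdemo-XXXXXX";      /* constructed demo path */
    char path[64];
    ssize_t n, total = 0;
    if (!mkdtemp(dir)) return -1;             /* directory is created 0700 */
    snprintf(path, sizeof path, "%s/clip", dir);
    pid_t pid = (mkfifo(path, 0600) == 0) ? fork() : -1;
    if (pid == 0) {                           /* sender, the "Ctrl-C" side */
        int wfd = open_checked(path, O_WRONLY);  /* blocks until a reader is primed */
        if (wfd < 0) _exit(1);
        n = write(wfd, msg, strlen(msg));
        close(wfd);                           /* closing the write end is the EOF */
        _exit(n == (ssize_t)strlen(msg) ? 0 : 1);
    }
    int rfd = (pid > 0) ? open_checked(path, O_RDONLY) : -1; /* receiver, "Ctrl-V" */
    if (rfd < 0) total = -1;
    while (rfd >= 0 && (n = read(rfd, out + total, cap - (size_t)total)) > 0)
        total += n;                           /* read until EOF */
    if (rfd >= 0) close(rfd);
    if (pid > 0) waitpid(pid, NULL, 0);
    unlink(path);
    rmdir(dir);
    return total;
}

int main(void) { char b[64] = {0}; return clipboard_transfer("demo text", b, 63) == 9 ? 0 : 1; }
```

The file permissions only separate users: any other process running under the same UID passes the same ownership check and can open the FIFO too.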