Full Disclosure mailing list archives
Re: VNC viewers: Clipboard of host automatically sent to remote machine
From: Christian Sciberras <uuf6429 () gmail com>
Date: Wed, 25 Jan 2012 11:38:14 +0100
No, I only read the manual. Now go troll somwhere else. :) On Wed, Jan 25, 2012 at 11:35 AM, GloW - XD <doomxd () gmail com> wrote:
Windows is even more secure, have you actually, read any of the code / On 25 January 2012 21:30, Christian Sciberras <uuf6429 () gmail com> wrote:That's not necessarily true. On windows you can add customclipboard formatsthat would contain a 'link' to the original source, causing the datato beactually passed when pasting. An example of this is when one copy+pastes a file. See the Windows Clipboard API for more info. Chris. On Wed, Jan 25, 2012 at 10:54 AM, Mario Vilas <mvilas () gmail com> wrote:I'm not sure how the clipboard works in Linux desktops (I understand it's a little different), but at least in Windows environments data has to be copied to the clipboard when you hit Ctrl-C. It can't be copied when you hit Ctrl-V because then the applications wouldn't know if there is anything to paste (like you said, the button would be grayed). So to replicate this behavior it's necessary to send the data as it's copied, not as it's pasted. Most (not all, but most) desktop systems assume clipboard data can be freely shared with all applications and don't have any kind of isolation at all. VNC was designed with the same idea. The bottom line is, the problem here is using VNC for what Ben is using it. There are many more problems with that scenario and clipboard sharing may be the least of them. On Wed, Jan 25, 2012 at 8:44 AM, Peter Osterberg <j () vel nu> wrote:On 01/24/2012 07:18 PM, Mario Vilas wrote:Guys, could you please read carefully everything before you reply?I read carefully. It still didn't make sense, though.And you wouldn't be allowed to use copy&paste while you editsensitivedocuments either, I guess?I don't know how you could get to such a conclusion from what Iwrote.You're reporting that if you copy and paste sensitive information and connect to a VNC session your clipboard data gets sent to the remote machine. That's pretty obvious and not a security hole that needs to be plugged.I don't think that is what Ben is saying. The clipboard get sent tothethe server even before it is pasted, this happens without the user knowing of it. Notepad would have the paste button grayed otherwise, if the clipboard is empty, right? So it is already on the server before paste ispressed.So what ever was in the clipboard buffer is transmitted to the serveronconnection. This is at least the assumption I make from reading Ben's mails. Or... Is there a cliboard flag saying there is something on the clipboard,butit isn't transmitted until the user actually pastes? I haven't really got any experience with how the clipboard feature is implemented. My assumption is however that it has to be on server for notepad to be aware that Paste shouldn't be grayed out... I think Ben's report make complete sense actually, it would be bettertohave the clipboard feature as a default. Security before features...=)_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/-- “There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people.” _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: VNC viewers: Clipboard of host automatically sent to remote machine, (continued)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Mario Vilas (Jan 24)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Peter Osterberg (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Peter Osterberg (Jan 25)
- Message not available
- Message not available
- Re: VNC viewers: Clipboard of host automatically sent to remote machine GloW - XD (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Peter Osterberg (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Mario Vilas (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Peter Osterberg (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Mario Vilas (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Christian Sciberras (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine GloW - XD (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Christian Sciberras (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine GloW - XD (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine GloW - XD (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Christian Sciberras (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine GloW - XD (Jan 25)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Alyx (Jan 26)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Valdis . Kletnieks (Jan 26)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine phocean (Jan 26)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Alyx (Jan 27)
- Re: VNC viewers: Clipboard of host automatically sent to remote machine Ben Bucksch (Jan 25)