[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-panel-devel
Subject: D12539: Klipper: Do not insert secret data into history
From: Robert Hoffmann <noreply () phabricator ! kde ! org>
Date: 2018-04-26 10:41:44
Message-ID: 20180426104144.1.F5FD11F5651EA526 () phabricator ! kde ! org
[Download RAW message or body]
hoffmannrobert created this revision.
Restricted Application added a project: Plasma.
Restricted Application added a subscriber: plasma-devel.
hoffmannrobert requested review of this revision.
REVISION SUMMARY
Password manager tools like Keepassx offer an option to clear
the clipboard/selection after some time, e.g. 10 seconds,
after the password was copied to the clipboard. This works fine,
but unfortunately the password isn't removed from Klipper's
history. This is a great security risk, which may make the use
of password managers impossible.
This patch changes Klipper::applyClipChanges(const QMimeData* clipData)
where clipboard data is inserted into history. If the data has an
additional mime type 'x-kde-passwordManagerHint', it is not inserted
into history.
For this to work as designed, password managers should add the
additional mime type 'x-kde-passwordManagerHint' to the mimeData
like following when copying a password to the clipboard:
QMimeData* mimeDataClipboard = new QMimeData();
const QString secretStr = "secret";
QByteArray secretBa = secretStr.toUtf8();
mimeDataClipboard->setText(password); // this is the password to copy
mimeDataClipboard->setData("x-kde-passwordManagerHint", secretBa);
clipboard->setMimeData(mimeDataClipboard, QClipboard::Clipboard);
if (clipboard->supportsSelection()) {
// we cannot use the same QMimedata, it's already owned by clipboard
QMimeData* mimeDataSelection = new QMimeData();
mimeDataSelection->setText(password); // this is the password to copy
mimeDataSelection->setData("x-kde-passwordManagerHint", secretBa);
clipboard->setMimeData(mimeDataSelection, QClipboard::Selection);
}
REPOSITORY
R120 Plasma Workspace
BRANCH
master
REVISION DETAIL
https://phabricator.kde.org/D12539
AFFECTED FILES
klipper/klipper.cpp
To: hoffmannrobert
Cc: plasma-devel, ragreen, Pitel, ZrenBot, lesliezhai, ali-mohamed, jensreuterberg, \
abetts, sebas, apol, mart
[Attachment #3 (unknown)]
<table><tr><td style="">hoffmannrobert created this revision.<br />Restricted \
Application added a project: Plasma.<br />Restricted Application added a subscriber: \
plasma-devel.<br />hoffmannrobert requested review of this revision. </td><a \
style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; \
color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; \
background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; \
border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D12539">View \
Revision</a></tr></table><br /><div><strong>REVISION SUMMARY</strong><div><p>Password \
manager tools like Keepassx offer an option to clear<br /> the clipboard/selection \
after some time, e.g. 10 seconds,<br /> after the password was copied to the \
clipboard. This works fine,<br /> but unfortunately the password isn't removed \
from Klipper's<br /> history. This is a great security risk, which may make the \
use<br /> of password managers impossible.</p>
<p>This patch changes Klipper::applyClipChanges(const QMimeData* clipData)<br />
where clipboard data is inserted into history. If the data has an<br />
additional mime type 'x-kde-passwordManagerHint', it is not inserted<br />
into history.</p>
<p>For this to work as designed, password managers should add the<br />
additional mime type 'x-kde-passwordManagerHint' to the mimeData<br />
like following when copying a password to the clipboard:</p>
<p>QMimeData* mimeDataClipboard = new QMimeData();<br />
const QString secretStr = "secret";<br />
QByteArray secretBa = secretStr.toUtf8();<br />
mimeDataClipboard->setText(password); // this is the password to copy<br />
mimeDataClipboard->setData("x-kde-passwordManagerHint", secretBa);<br />
clipboard->setMimeData(mimeDataClipboard, QClipboard::Clipboard);</p>
<p>if (clipboard->supportsSelection()) {</p>
<div class="remarkup-code-block" style="margin: 12px 0;" data-code-lang="text" \
data-sigil="remarkup-code-block"><pre class="remarkup-code" style="font: 11px/15px \
"Menlo", "Consolas", "Monaco", monospace; padding: \
12px; margin: 0; background: rgba(71, 87, 120, 0.08);">// we cannot use the same \
QMimedata, it's already owned by clipboard QMimeData* mimeDataSelection = new \
QMimeData(); mimeDataSelection->setText(password); // this is the password to copy
mimeDataSelection->setData("x-kde-passwordManagerHint", secretBa);
clipboard->setMimeData(mimeDataSelection, QClipboard::Selection);</pre></div>
<p>}</p></div></div><br /><div><strong>REPOSITORY</strong><div><div>R120 Plasma \
Workspace</div></div></div><br \
/><div><strong>BRANCH</strong><div><div>master</div></div></div><br \
/><div><strong>REVISION DETAIL</strong><div><a \
href="https://phabricator.kde.org/D12539">https://phabricator.kde.org/D12539</a></div></div><br \
/><div><strong>AFFECTED \
FILES</strong><div><div>klipper/klipper.cpp</div></div></div><br /><div><strong>To: \
</strong>hoffmannrobert<br /><strong>Cc: </strong>plasma-devel, ragreen, Pitel, \
ZrenBot, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas, apol, mart<br \
/></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic