-
Notifications
You must be signed in to change notification settings - Fork 259
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent Sending Passwords from the Clipboard #1893
Comments
Hmm. I'll take a look at this, I thought we only accepted To be honest I'm not sure how many Linux applications correctly set the clipboard data MIME type, but I agree we should do what we can to prevent passwords being shared unintentionally. |
Thanks for taking the time. const TEXT_MIMETYPES = [
'text/plain;charset=utf-8',
'UTF8_STRING',
'text/plain',
'STRING',
]; And these are the MIME types of passwords returned by the GNOME evaluator when running
For now, maybe a simple validation to check that |
Mmm, it looks like currently we special-case ignore any clipboard with gnome-shell-extension-gsconnect/src/service/components/clipboard.js Lines 182 to 193 in 734ef1e
I don't see why we couldn't extend that to also exclude |
My one slight worry with this is whether there might be users who rely on copy-pasting passwords to their mobile device, who we might be breaking things for if we disable this across-the-board. |
Since some password managers set a clipboard mimetype to signal when the clipboard contains password data, ignore the clipboard contents in those cases, to avoid exposing passwords over the link to the mobile device. Fixes: GSConnect#1893
Agreed, using |
Perhaps, to avoid breaking the copy-pasting of passwords for users who use it, it could be added as an experimental option disabled by default |
I would think having a trusted password manager in one device and copy pasting passwords over gsconnect to another is a valid, perhaps even quite normal use case. So I wouldn't make it the default to exclude those. Saves on having to figure out syncing a keepass database for example and dealing with sync conflicts. I think it would be weird for us to set an x-kde mimetype, but aren't we just talking about handling that when set by others? KeepassXC is definitely used in gnome desktops. |
Hi @daniellandau,
Yeah, I see no reason to set that MIME type, only to read it. KeepassXC is quite popular, so I agree that it's definitely used by GNOME users. |
Mmm, that's fair. So I guess we do need to place password-blocking behind an option, disabled by default, but there for those who want extra protection.
Yeah, I suppose they set a KDE identifier simply because KDE defined one for that purpose, and GNOME (presumably) never did.
Well, I am kind of curious what happens on the Android side, if you try to copy a password to the paired device. Will Android even allow KDE Connect to share passwords in that direction? Or will it block the sharing of sensitive data, the same way Android 15 has cut off our access to OTP strings in SMS notifications? (See #1833 (comment)) IF it is possible for KDE Connect to send us passwords over the clipboard, and IF we have a way to identify them as such, it'd probably be a good idea for us to add the |
Describe your request
Auto-sharing the clipboard to a mobile device is really useful; however, when using password managers, you might not want to share passwords, as they could be stored insecurely in the mobile device's clipboard manager.
Proposed solution
Use clipboard MIME data to determine if content should be shared. Some password managers set the appropriate MIME data to mark content as private, as demonstrated in this example from KeePassXC.
KDE Connect already uses the
x-kde-passwordManagerHint
MIME data to check for passwords. It also includes a config option to control whether sharing passwords is permitted.Alternatives
No response
GSConnect version
58
Installed from
GNOME Extensions website
GNOME Shell version
47
Linux distribution/release
Ubuntu 24.10
Additional context
No response
The text was updated successfully, but these errors were encountered: