clipboard is a security problem - in linux you can fix it with xclip and cron

Others 2022-04-28 12:02:45 views: 0
Summary: The ability to copy/paste on your operating system is essential. Whether you're writing code or a screenplay, these two functions are at the heart of working with text on a computer. When you copy text, it goes to the memory-resident clipboard. Unless you have a clipboard manager installed that can hold multiple entries, the clipboard will by default only handle one copy event, and its previous entries will disappear when you copy something else.

The ability to copy/paste on your operating system is essential. Whether you're writing code or a screenplay, these two functions are at the heart of working with text on a computer. When you copy text, it goes to the memory-resident clipboard. Unless you have a clipboard manager installed that can hold multiple entries, the clipboard will by default only handle one copy event, and its previous entries will disappear when you copy something else. In a standard Linux setup, the clipboard contents are stored in the memory of the program that controls it (usually Xorg).

The clipboard should be limited because any program can read its contents, and if you let it go, whatever it saves will just stay there forever. Additionally, modern browsers allow malicious websites to read (and write) from the clipboard in a number of ways.

Although not the default, browsers can be set to disable access to the clipboard. While there are also add-ons for browsers and operating systems to manage the clipboard, it's easier and more reliable to troubleshoot at the source of this chain, and make the clipboard system-wide safe. There are plenty of reasons to use a clipboard, but not enough reasons to keep the content there for more than a minute or two.

Password managers have become popular lately, and if you've used them, you've seen how they copy passwords to the clipboard so you can paste them into your browser and log into your account. What will happen next? Your password will remain on the clipboard until another copy event or restart.

Even if you use a separate browser for things like banking, copying passwords via the clipboard brings them back to other browsers and exposes them to web-based clipboard collection technologies.

My solution was to do the processing in the background and automatically clear the contents of the clipboard every minute. It uses the xclip command line tool, a small script and cron. cron's one minute interval gives you enough time to copy the password, and then it will empty the clipboard. This action is performed every minute to ensure worry-free replication.

We need to clear the clipboard in the terminal using the xclip tool. On apt-based distributions, type:

sudo apt-get install xclip
Let's test the program in the terminal. First copy some text from somewhere, copy somewhere else, and type these two commands:

touch blank
xclip -selection clipboard blank
Then try copying the text again - it should be gone. Now put this command in a script. Create a script (use your text editor instead of leafpad):

leafpad nukeclipboard.sh
and enter the following in a new file:

#!/bin/sh
touch blank && xclip -selection clipboard blank
Save and close the file, then add Executable permissions:

chmod +x nukeclipboard.sh
now makes the cron task run every minute. Be careful first, different distributions have different cron options. The following settings are for Ubuntu (based on) distributions and the procedure may be different in your distribution, so please read the manual.

To set up a cron task, enter at the terminal:

crontab -e
After the last commented out line, enter the following line (replace /home/user/ with your script location):

* * * * * export DISPLAY=:0 && /home/user/nukeclipboard.sh
Now press ctrl-o to save (use your cron job editor's save shortcut), then hit enter to save your crontab. Finally, press ctrl-x to exit the program. From now on, your clipboard has a lifespan of one minute.

Explanation about the cron entry above: cron has environment variable limitations, and when it fails, you can spend a whole day trying a hundred ways to fix it. Solved after I found a quick fix that suggested setting DISPLAY. Thanks to Mike Q for his contribution.

Now, it can happen that when you want to paste something copied, the clipboard is emptied, making it impossible to paste, but it's a small price to pay for security. If this is an issue, you can configure cron to run tasks at any interval that suits you (say 2 minutes). Instructions for Ubuntu are on this page.

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=326317320&siteId=291194637
Recommended
Open Source Daily | Angular v18; Inference optimization under large model price war; Mistral AI targets the US market with open source models; Silicon Valley has its own Lu Xun
Ranking
ACM summary twelve
Understand high performance and high concurrency from the root (2): Deepen the operating system, understand I/O and zero-copy technology
Ali cloud OSS web end of the forward pass is not dependent on official pupload plug
ServiceMesh study notes 20200418
Complete Guide to BERT Model Distillation (Principle & Technique & Code)
With Nginx proxy requests, the front and rear side cross-domain processing
Digital twin museum solution
How to be a good project manager of R&D projects
ssh:ssh-agent、ssh-add
解决mac ida在中文输入状态下crash问题
Daily
More
2024-05-29(1)
2024-05-28(1)
2024-05-27(1)
2024-05-26(0)
2024-05-25(3)
2024-05-24(12)
2024-05-23(35)
2024-05-22(9)
2024-05-21(35)
2024-05-20(5)

Code World

© 2018 codetd.com