#1 2021-05-10 11:11:33

grubernd
Member
From: Graz, AT
Registered: 2020-01-04
Posts: 30

Clipboard manager & security

After realising that a password manager is useless if some app snags everything from the clipboard and stores it in plain text, the first thing for me to do on a new BL install is to remove clipit.

Why is such an open security risk pre-installed and active?

Offline

#2 2021-05-10 12:29:18

unklar
Back to the roots 1.9
From: #! BL
Registered: 2015-10-31
Posts: 1,545

Re: Clipboard manager & security

^I would think their problem is not clipboard management (clipit), but their password manager they use.
So if this one uses the clipboard, then you should look for a PW manager that doesn't.  Check out e.g. keepassxc.

Or, if you're working with a smartphone,
KeePassDX from the F-Droid Store. It even has an integrated keyboard. ;)

Last edited by unklar (2021-05-10 12:42:19)

Offline

#3 2021-05-10 13:02:11

twoion
一期一会
Registered: 2015-08-10
Posts: 3,316

Re: Clipboard manager & security

grubernd wrote:

After realising that a password manager is useless if some app snags everything from the clipboard and stores it in plain text, the first thing for me to do on a new BL install is to remove clipit.

Why is such an open security risk pre-installed and active?

You're absolutely right about the clipboard. However, it does not matter whether clipit or xclip or any other tool specifically designed to work on the clipboard, including password managers, is installed at all. Any X or Wayland client can write and read whatever is in the clipboard. The only software that has clipboard security built in which you are using is probably the web browser; websites are isolated such that they can only get what's in the clipboard when the user explicitly presses ctrl+v. Apart from that, everything is open to any foreground or background application that runs as your user and that has access to the X or Wayland display.

This is why the Linux desktop has extremely weak security in the sense of weak GUI app isolation when compared to Windows and MacOS, which have both superior isolation models available. Lockscreens are pretty much useless on Linux as well (in terms of security) and should be thought of as cosmetic.

The only solution to get truly isolated GUI applications, including separate and gatewayed clipboards, is running every GUI client in a separate X server or compositor. Qubes OS is the only Linux system that has made a strict desktop security model somewhat usable and manageable on Linux (based on Xen VMs). This approach comes with losing a lot however, such as hardware graphics acceleration in most cases.

Note that this does only apply to Linux "desktops" (all of them). Linux servers can be hardened really effectively in a pretty simple way; all the mentioned security problems are a result of how "desktop" is implemented on Linux. Only recently people have begun addressing these issues; for example, another problem is pulseaudio -- any application that can play back audio is able to escape any sandbox as long as it has access to the pa daemon --, but pipewire tries hard to incorporate security in its design as well.

The OS with the best "desktop" (as opposed to "server") security model at the moment very likely is macOS, and by extension, iOS when used e.g. through an iPad with external keyboard and/or display.

Offline

#4 2021-05-10 17:16:53

ohnonot
...again
Registered: 2015-09-29
Posts: 5,554

Re: Clipboard manager & security

unklar wrote:

So if this one uses the clipboard, then you should look for a PW manager that doesn't.  Check out e.g. keepassxc.

+1 for keepassxc.

Last edited by ohnonot (2021-05-10 17:17:07)


Give to COVAX! Here or here. (explanation)

Offline

#5 2021-05-10 22:27:19

grubernd
Member
From: Graz, AT
Registered: 2020-01-04
Posts: 30

Re: Clipboard manager & security

unklar wrote:

So if this one uses the clipboard, then you should look for a PW manager that doesn't.  Check out e.g. keepassxc.

How does keepassxc differ in that regard from KeePassX which I have been using for years?

What feature did I miss that lets me get my credentials from the password manager to website-logins or the commandline while bypassing the clipboard?


And I know about the basic problem that twoion summed up so nicely, but to me there is a difference between "we have a problem" and "let's use that problem so everyone can mess with us".

Running an app that by default saves everything in plaintext to disc and shows it on the screen is the equivalent of having post-its with "password123" on your monitor. If you think the latter is a great idea, well, I will withdraw my question.

Offline

#6 2021-05-11 01:37:26

Sun For Miles
Member
Registered: 2017-04-12
Posts: 204

Re: Clipboard manager & security

I can't contribute to the topic in any other way except pointing to the documentation paragraphs because I have never used password managers on Linux desktops. However, I am using KeePass on Windows with autotype feature and not clipboard one (honestly never heard of someone using clipboard in password manager until now). If I was limited to clipboard in Windows systems that would be a catastrophic flaw, especially because Windows 10 has native "advanced" clipboard manager that would possibly sync with Microsoft telemetry services.

grubernd wrote:

How does keepassxc differ in that regard from KeePassX which I have been using for years?

Quote from their documentation:

Q:    Why KeePassXC instead of KeePassX?
A:    KeePassX is an amazing password manager, but hasn't seen much active development for quite a while. Many good pull requests were never merged and the original project is missing some features which users can expect from a modern password manager. Hence, we decided to fork KeePassX to continue its development and provide you with everything you love about KeePassX plus many new features and bugfixes.

Rationale for developing it over KeePass:

Q:    Why KeePassXC instead of KeePass?
A:    KeePass is a very proven and feature-rich password manager and there is nothing fundamentally wrong with it. However, it is written in C# and therefore requires Microsoft's .NET platform. On systems other than Windows, you can run KeePass using the Mono runtime libraries, but you won't get the native look and feel which you are used to.
KeePassXC, on the other hand, is developed in C++ and runs natively on all platforms giving you the best-possible platform integration.


Señor Chang, why do you teach Spanish?

Offline

#7 2021-05-12 03:49:36

ohnonot
...again
Registered: 2015-09-29
Posts: 5,554

Re: Clipboard manager & security

grubernd wrote:

What feature did I miss that lets me get my credentials from the password manager to website-logins or the commandline while bypassing the clipboard?

The auto-type feature. It uses neither clipboard nor primary selection.

Offline

#8 2021-05-12 10:20:44

grubernd
Member
From: Graz, AT
Registered: 2020-01-04
Posts: 30

Re: Clipboard manager & security

ohnonot wrote:

The auto-type feature. It uses neither clipboard nor primary selection.

Well, that would be a reason to switch to KeePassXC because KeePassX can't do that.
Thanks for the info.

My initial problem with a clipboard logger remains.
Encouraging bad security tools is not a thing I associate with bunsenlabs philosophy.

Offline

#9 2021-05-12 14:04:45

brontosaurusrex
Middle Office
Registered: 2015-09-29
Posts: 2,370
Website

Re: Clipboard manager & security

^iirc clipit has an option to blacklist certain apps, which may or may not adhere to your security policy.
Edit: Also clipit is deprecated in bullseye, so another solution will present itself.

Last edited by brontosaurusrex (2021-05-12 14:15:38)

Offline

#10 2021-05-12 18:17:44

grubernd
Member
From: Graz, AT
Registered: 2020-01-04
Posts: 30

Re: Clipboard manager & security

brontosaurusrex wrote:

^iirc clipit has an option to blacklist certain apps, which may or may not adhere to your security policy.
Edit: Also clipit is deprecated in bullseye, so another solution will present itself.

That doesn't solve the default insecurity introduced by installing and activating such an application.
Which was my original question that no one has answered yet.

Why is everyone defending clipit or its brethren?

After all a lightweight distribution should be as lightweight as possible and not burden the system with preloaded background tasks.

And while anyone who really needs it – because their life depends on it – can do a simple

sudo apt install clipit

the other way round is way more cumbersome:

pkill clipit
sudo apt remove clipit
rm -rf "$HOME/.config/clipit"
rm -rf "$HOME/.local/share/clipit"
sudo rm "/etc/xdg/autostart/clipit-startup.desktop"
sudo rm -rf "/usr/share/bunsen/skel/.config/clipit"

Maybe while looking for and discussing replacements these commands are remembered and the future of bunsenlabs is a little lighter.

So if no one wants to or can answer my original question, let's just call it a day.

Offline

#11 2021-05-12 21:56:41

brontosaurusrex
Middle Office
Registered: 2015-09-29
Posts: 2,370
Website

Re: Clipboard manager & security

- As long as you have a password manager using the clipboard, things are bad (clipit or no clipit), as explained beautifully by twoion... and introduced by unklar.
- Clipit (or a clipboard manager) is iirc historical baggage going on from crunchbang, so a long time ago (you may get to the root of the decision by extensively using search). Personally I'm fine with complete removal in future Bunsenlabs (never really used one for long).

Let's.

Last edited by brontosaurusrex (2021-05-12 22:00:21)

Offline

#12 2021-05-13 01:41:42

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,277
Website

Re: Clipboard manager & security

FWIW the likely replacement for clipit in Beryllium is xfce4-clipman. There is an option not to save history on quit, in which case there are no plain text files anywhere. (I'm pretty sure clipit had such an option too.)

It is not a good idea to use copy-paste for important passwords, hence the recommended use of KeePassXC.
The clipboard and primary selection will remain, with or without a clipboard manager.

As @twoion has pointed out, the Linux clipboard has builtin security issues anyway, and the incremental insecurity of running a well-designed clipboard manager has to be balanced against the extra convenience, which for those who use it, is considerable. (e.g. imagine, without a clipboard manager, going over a document - or several documents - copying snippets of text and then pasting them, in some arbitrary order, into a message.)

All use cases are different - personally I don't use a password manager, but often make use of the clipboard manager. As @brontosaurus said, clipit, or some clipboard manager, was present from CrunchBang days so some people at least found it useful. If there was a community-wide outcry, sure we could consider dropping it, but I don't think the security consideration counts for much. Meanwhile, removing xfce4-clipman (or clipit) is as simple as a single apt command - any user config files left over are very small and completely harmless.


...elevator in the Brain Hotel, broken down but just as well...
( a boring Japan blog (currently paused), idle Twitterings and GitStuff )

Introduction to the Bunsenlabs Lithium Desktop

Offline
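
Added example, not part of any post in this thread: a read-only audit of the leftovers discussed above, using the paths from grubernd's removal commands. The function name `audit_clipit` is hypothetical, the per-user override path follows the XDG autostart convention, and treating `.local/share/clipit` as the history location is an assumption drawn from those commands.

```shell
#!/bin/sh
# Added example (not from the thread): report clipit leftovers that keep
# clipboard text on disk or restart the daemon at login.
# Paths are the ones used in the removal commands in post #10; that history
# lives under .local/share/clipit is an assumption taken from those commands.

audit_clipit() {
    home_dir=$1
    autostart_dir=${2:-/etc/xdg/autostart}
    entry=clipit-startup.desktop
    override=$home_dir/.config/autostart/$entry
    status=0

    # System-wide autostart entry: starts clipit for every user at login.
    if [ -f "$autostart_dir/$entry" ]; then
        # XDG autostart: a same-named user file with Hidden=true disables it.
        if [ -f "$override" ] && grep -q '^Hidden=true' "$override"; then
            echo "OK autostart disabled by $override"
        else
            echo "AUTOSTART $autostart_dir/$entry"
            status=1
        fi
    fi

    # Non-empty files in the data directory: possible plaintext history.
    data_dir=$home_dir/.local/share/clipit
    if [ -d "$data_dir" ]; then
        stored=$(find "$data_dir" -type f -size +0)
        if [ -n "$stored" ]; then
            echo "$stored" | sed 's/^/HISTORY /'
            status=1
        fi
        # The same files, if group or other accounts can read them.
        exposed=$(find "$data_dir" -type f -size +0 \( -perm -040 -o -perm -004 \))
        if [ -n "$exposed" ]; then
            echo "$exposed" | sed 's/^/READABLE-BY-OTHERS /'
        fi
    fi
    return $status
}

# Audit the real home directory only when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_clipit "$HOME"
fi
```

A return status of 0 means no active autostart entry and no stored clipboard data were found; the override file lets a user without sudo disable the system-wide entry.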

#13 2021-05-13 04:02:20

ohnonot
...again
Registered: 2015-09-29
Posts: 5,554

Re: Clipboard manager & security

johnraff wrote:

I'm pretty sure clipit had such an option too.

It has.

It is not a good idea to use copy-paste for important passwords, hence the recommended use of KeePassXC.
The clipboard and primary selection will remain, with or without a clipboard manager.

As @twoion has pointed out, the Linux clipboard has builtin security issues anyway

QFT

Offline

#14 2021-05-13 04:14:28

hhh
Meep!
Registered: 2015-09-17
Posts: 12,171
Website

Re: Clipboard manager & security

It's a security issue, right? Drop it from the standard BL install?

Offline

#15 2021-05-13 04:36:48

johnraff
nullglob
From: Nagoya, Japan
Registered: 2015-09-09
Posts: 8,277
Website

Re: Clipboard manager & security

I don't think adding a decent clipboard manager is a significant extra security issue to be honest, as long as keeping history in a text file is disabled.

Offline

#16 2021-05-13 09:04:27

twoion
一期一会
Registered: 2015-08-10
Posts: 3,316

Re: Clipboard manager & security

hhh wrote:

It's a security issue, right? Drop it from the standard BL install?

No it's not, works as expected, it's more like an inherent flaw of Linux desktops. A decent clipboard manager is mandatory; speaking as a KDE poweruser here. You can define actions based on clipboard contents in it and bind it to a global shortcut, for example, very practical. Windows has one as well (win+v).

Offline

#17 2021-05-13 12:50:39

grubernd
Member
From: Graz, AT
Registered: 2020-01-04
Posts: 30

Re: Clipboard manager & security

twoion wrote:

A decent clipboard manager is mandatory; speaking as a KDE poweruser here.

In over thirty years all the applications on all the operating systems and desktop environments I worked with could be used very well without a clipboard manager. Be it various flavours of Linux based OS, Windows from 95 to 10, MacOS to iOS, MS-DOS or even Android.

But if KDE mandates the use of a clipboard manager then that settles it for me.

No KDE for me.

Not that I ever felt the urge, anyway. ;-)

Offline

#18 2021-05-13 14:27:31

rbh
Member
From: Sweden/Vasterbotten/Rusfors
Registered: 2016-08-11
Posts: 1,182

Re: Clipboard manager & security

grubernd wrote:

But if KDE mandates the use of a clipboard manager then that settles it for me.

I can agree with: "A decent clipboard manager is mandatory; speaking as a poweruser here."

It sure saves a lot of time.


// Regards rbh

Please read before requesting help: Guide to getting help,
Introduction to the Bunsenlabs Lithium Desktop and other help topics under "Help Resources" on the BunsenLabs menu

Offline

#19 2021-05-13 17:51:08

damo
....moderator....
Registered: 2015-08-20
Posts: 6,701

Re: Clipboard manager & security

@grubernd

I guess there are thousands of security-savvy linux power users who are happy to use a clipboard manager. I think that settles it for me ;)


Be Excellent to Each Other...
The Bunsenlabs Lithium Desktop » Here
FORUM RULES and posting guidelines «» Help page for forum post formatting
Artwork on DeviantArt  «» BunsenLabs on DeviantArt

Offline
