clipcat icon indicating copy to clipboard operation
clipcat copied to clipboard

Published 20 hours ago verified publisher icon xrelkd

[Feature] Deny Capturing Sensitive Content (Password, etc.)

Open xrelkd opened this issue 1 year ago • 4 comments

Related to https://github.com/xrelkd/clipcat/issues/31.

xrelkd avatar Dec 01 '23 13:12 xrelkd

This would be amazing!

On a side note, I've been experimenting after #31 was released by setting the target atom of strings with x-kde-passwordManagerHint and with some of my own, but it seems that if it's anything other than one of the supported atom's (ie. UTF8_STRING, text/plain, etc...) apps will simply just ignore anything that doesn't have a standard target atom.

I don't know how that specific atom is typically used as I don't use KeyPassXC; I use a combination of pass and xclip. I've taken to immediately removing sensitive content from clipcat by grepping for the content using clipcatctl list in a loop until the password is made present; which is far from ideal.

I'm curious to know how the use of custom atoms can be used to reject sensitive content in clipcat while still making that content available in other apps. Maybe I'm mistaken myself and I'm not using it correctly.

ffernand avatar Jan 12 '24 16:01 ffernand

Use the following steps to show the target atoms of an application, we use KeePassXC as an example.

NOTE: You have to conduct step 3. within 10 seconds after executing 2., because KeePassXC clears the clip after 10 seconds.

  1. Open KeePassXC
  2. Copy password from KeePassXC
  3. Open an terminal and type xclip -t TARGETS -o to show the list of target atoms.
  4. xclip -t TARGETS -o shows something like this:
text/plain
UTF8_STRING
STRING
TEXT
x-kde-passwordManagerHint
TARGETS
MULTIPLE
TIMESTAMP
SAVE_TARGETS

They are the target atoms supported by KeePassXC.

If you put x-kde-passwordManagerHint in the configuration of clipcatd (the watcher.sensitive_x11_atoms field), clipcatd ignores this clip because the hint x-kde-passwordManagerHint is in the list of target atoms.

If the application does not provided any hint in the list of target atoms, clipcatd would not ignore the clip.

xrelkd avatar Jan 17 '24 16:01 xrelkd

I think I understand, this is very useful. Much appreciated! I should have realized that multiple atoms can be targeted for a selection.

xclip doesn't support multiple atoms per selection, so targeting x-kde-passwordManagerHint (or any other atom configured to be sensitive to clipcat) would preclude it from being used by other applications; but at least I know where to start looking next.

EDIT: Added text for clarity.

ffernand avatar Jan 21 '24 19:01 ffernand

Hi

For 1Password xclip shows this: TARGETS SAVE_TARGETS UTF8_STRING text/plain;charset=utf-8 text/plain;charset=UTF-8

Which is not useful at all to be used in sesitive_x11_atoms. Would be nice to also have the possibility to ignore by window class.

mkonig avatar Jun 20 '24 15:06 mkonig