Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: VNC viewers: Clipboard of host automatically sent to remote machine
From: Ben Bucksch <news () bucksch org>
Date: Wed, 25 Jan 2012 11:52:36 +0100

On 25.01.2012 08:44, Peter Osterberg wrote:
I don't think that is what Ben is saying. The clipboard get sent to the
the server even before it is pasted, this happens without the user
knowing of it.

Notepad would have the paste button grayed otherwise, if the clipboard
is empty, right? So it is already on the server before paste is pressed.

Exactly. I take offense in that "without the user knowing it" part.

I chose my reproduction specifically with a mouse action and not Ctrl-V 
so that the VNC viewer cannot know I tried to paste in notepad.exe and 
cannot have transmitted the information at that moment only. It means 
that Windows had the information all along, at the moment when I copied, 
which means the remote Windows reads all my copies on the local X11, not 
just when I paste in Windows. That and only that is the problem.

Possible solution, concretely:
"Paste" button on VNC viewer toolbar
If the user presses the button, the viewer sends the clipboard to the 
remote machine at that moment, and then triggers a Ctrl-V keypress in 
the remove machine.
If the user doesn't press the button, but focuses the VNC viewer and 
presses Ctrl-V, the viewer sends the clipboard to the remote machine and 
only then sends the Ctrl-V to the remote machine.

In both cases, mouse or keyboard, you wouldn't need any more actions in 
practice. You still do Ctrl-C in your Linux app, switch to the viewer, 
press Ctrl-V there, and you got the text in notepad.exe.

Of course that would be configurable so that you can change they key 
combo, e.g. for Macs, or to disable sending the key combo after the 
Paste button, or to disable the clipboard entirely.

Dan Yefimov,

the RFB specification from 2007 happens to be linked from the page I 
mentioned, and funny enough... copy&paste / clipboard isn't mentioned 
with a single word either.

Now, obviously, it is possible somehow, because it's working, so there 
is some way, but it was never part of the protocol.
And it cannot be claimed that every user somehow naturally knows how 
exactly it works and he realizes what it implies concretely for his work.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]