Prevent Klipper from storing secrets in clipboard history #1969
Conversation
src/gui/Clipboard.h
Outdated
| @@ -31,7 +31,8 @@ class Clipboard : public QObject | |||
| Q_OBJECT | |||
|
|
|||
| public: | |||
| void setText(const QString& text); | |||
| void setText(const QString& text, bool secret = false); | |||
There was a problem hiding this comment.
You also need to replace all usages of setText() with the call to the secret version.
There was a problem hiding this comment.
Why? Non secret field will be visible. Only passwords will be omitted from the clipboard history.
I've already changed the copy-password to clipboard usages to use the secret version.
Other fields will call setText with secret set to false by default
There was a problem hiding this comment.
I don't see any use of the new functions in this PR, except in setClipboardSecretTextAndMinimize() (which is also new).
Besides, I would prefer this flag to be set for everything. Usernames etc. are also cleared from the clipboard after the timeout, so they should also not be in the history.
There was a problem hiding this comment.
setClipboardSecretTextAndMinimize() itself it's used when copying the password
(line 551 and 944 of DatabaseWidget.cpp)
I will change it since I agree that all field should be treated like secrets
There was a problem hiding this comment.
If you have any dubts, you may want to ask Martin Flöser, the Klipper developer.
When the patch will be finished, please let me know, so I will test it
TheZ3ro
force-pushed
the
feature/klipper-password
branch
from
c38d533
to
a4f7923
Compare
|
Somehow this PR shrunk. What happened to the rest of the changes and to what I nagged about in my first review? |
|
@phoerious look at the difference between the two commits. In the old commit:
In the new commit:
IMHO it seems pretty easy to understand from the code |
|
All I see in the Diff are +11 -3 |
|
Checkout the
Then you can:
On the next rebase, I will squash those 2 commit into 1 so the revert part will not be present in git history Alternatively in the commit tab you can see the two specific commit |
|
Can someone review this? @keepassxreboot/core-developers |
| clipboard->setText(text, QClipboard::Clipboard); | ||
| const QString secretStr = "secret"; | ||
| QByteArray secretBa = secretStr.toUtf8(); | ||
| mime->setText(text); |
There was a problem hiding this comment.
Can we move this line and line 53 above the #ifdef, they are the same regardless of OSX or not
|
I know how to operate Git. ;-) |
|
@phoerious What? I've deleted the older branch, created a new one with the same name, added the new changes, did a rebase excluding the old commits and force-push. It's useless to keep in a branch waiting for a merge old changes that are being reverted the next commit. So, what are you talking about? Checkout the branch with your git client, what you see is what gets merged. |
|
Is there any more work to be done on this PR before this can be merged? Looks like @droidmonkey approved the changes and the change requested by @phoerious is not applicable any more? |
|
It looks complete to me, I need to test it using klipper before I merge unless someone can get certainty that it works. |
|
Thanks @droidmonkey. I built the develop branch just now along with this pull request and tested on ArchLinux. I can confirm that klipper now ignores the password copied from keepassxc. |
droidmonkey
force-pushed
the
feature/klipper-password
branch
from
a4f7923
to
2992e10
Compare
- New Database Wizard [#1952] - Advanced Search [#1797] - Automatic update checker [#2648] - KeeShare database synchronization [#2109, #1992, #2738, #2742, #2746, #2739] - Improve favicon fetching; transition to Duck-Duck-Go [#2795, #2011, #2439] - Remove KeePassHttp support [#1752] - CLI: output info to stderr for easier scripting [#2558] - CLI: Add --quiet option [#2507] - CLI: Add create command [#2540] - CLI: Add recursive listing of entries [#2345] - CLI: Fix stdin/stdout encoding on Windows [#2425] - SSH Agent: Support OpenSSH for Windows [#1994] - macOS: TouchID Quick Unlock [#1851] - macOS: Multiple improvements; include CLI in DMG [#2165, #2331, #2583] - Linux: Prevent Klipper from storing secrets in clipboard [#1969] - Linux: Use polling based file watching for NFS [#2171] - Linux: Enable use of browser plugin in Snap build [#2802] - TOTP QR Code Generator [#1167] - High-DPI Scaling for 4k screens [#2404] - Make keyboard shortcuts more consistent [#2431] - Warn user if deleting referenced entries [#1744] - Allow toolbar to be hidden and repositioned [#1819, #2357] - Increase max allowed database timeout to 12 hours [#2173] - Password generator uses existing password length by default [#2318] - Improve alert message box button labels [#2376] - Show message when a database merge makes no changes [#2551] - Browser Integration Enhancements [#1497, #2253, #1904, #2232, #1850, #2218, #2391, #2396, #2542, #2622, #2637, #2790] - Overall Code Improvements [#2316, #2284, #2351, #2402, #2410, #2419, #2422, #2443, #2491, #2506, #2610, #2667, #2709, #2731]
|
Is there any chance that this fix doesn't work for Snap installations? I ask because, unfortunately, running 2.4.0 installed as a Snap on Kubuntu 18.04, my passwords remain in my clipboard indefinitely (rather than 10 seconds, as expected). I'm more than happy to file a fresh issue for this, but just wanted to check if (a) there was something I had to do in KDE preferences to allow KPXC to clear the clipboard or (b) this wasn't tested on a Snap install and that could be the issue. Debug infoKeePassXC - Version 2.4.0 Libraries:
Operating system: Ubuntu Core 18 Enabled extensions:
|
|
@sts10 At least I tested it on a regular install only, not on snap. And it's working with the official 2.4.0 release as well. Are you sure you have the right version of klipper installed that has the counterpart patch to look at the metadata sent by keepassxc and ignore it? That patch (https://phabricator.kde.org/D12539) was merged only around May last year but you seem to be on Kubuntu 18.04, so there's a high chance that it's not present in your OS. |
|
Hi, tested KeePassXC 2.4.0 and 2.4.1 on Kubuntu 18.04.2 LTS with password set to be cleared from clipboard after 10 seconds. Sadly this does not work. What I see is the lack of Klipper - instead there is Plasma's own clipboard app. OS: Kernel release: **Plasma version: ** Is there a chance that Plasma's clipboard will be supported? |
|
Open a new issue if you want to see that support. |
|
From plasma-workspace 5.12.8 the "x-kde-passwordManagerHint" is supported, so in Ubuntu Cosmic (which has 5.13.5) it should work. |
Description
Fix #584
Porting of keepassx/keepassx#211 "Add hint for Klipper to not add passwords to history" by @roberthoffmann
Relevant Klipper issue/PR https://phabricator.kde.org/D12539
Motivation and context
Klipper adds every item to the clipboard history, unless an additional mime type
'x-kde-passwordManagerHintis set tosecret.How has this been tested?
I cannot test this since I don't have klipper installed.
Maybe @phoerious or @Germano0 can test this
Types of changes
Checklist:
-DWITH_ASAN=ON. [REQUIRED]