Code review comment for lp:~ken-vandine/content-hub/pasteboard

Tyler Hicks (tyhicks) wrote :

I gave this a quick review. It was more of a design review than a detailed code review.

The security of this design is rooted in the random surface ID created by Mir. That surface ID must be randomly generated and of significant size so that brute-forcing the ID is not feasible. I'm told that the ID is randomly generated and evenly distributed throughout a full 128 bits. That should be sufficient.

A future improvement that I'd like to see is a penalty after a number of incorrect surface ID guesses so that a malicious app cannot simply brute force the 128-bit space without any negative side effects. The penalty could be time based, where the pasteboard doesn't return back for several seconds. There are other options, as well.

I had some trouble understanding the intent behind the usage of the APP_ID in the merge proposal. Ken tells me that it is for a future design when there is a pasteboard UI so that the user will be prompted with the APP_ID of the application requesting access to the paste buffer. Since the APP_ID isn't used right now, I'm not concerned, but I'd like to understand more about how the APP_ID is being retrieved before we start prompting users. I'd prefer that we use the APP_ID directly from the D-Bus daemon via the GetConnectionCredentials bus method:

  https://dbus.freedesktop.org/doc/dbus-specification.html#bus-messages-get-connection-credentials

Thanks for working towards a secure copy and paste solution. I look forward to this design being improved on in the future with the introduction of a pasteboard UI.

review: Approve
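The guess penalty proposed in the review above, sketched as an added Python example that is not content-hub or Mir code. It assumes a per-caller failure counter, a threshold of three wrong guesses and a five-second lockout during which requests are refused rather than delayed; the 128-bit surface IDs are generated locally to stand in for Mir's.

```python
import secrets
import time
from dataclasses import dataclass


@dataclass
class _CallerState:
    failures: int = 0          # consecutive wrong surface ID guesses
    locked_until: float = 0.0  # monotonic time until which requests are refused


class Pasteboard:
    """Paste buffer keyed by a random 128-bit surface ID, with a time-based
    penalty for callers that repeatedly present a wrong ID (constructed example)."""

    def __init__(self, max_failures=3, penalty_seconds=5.0, clock=time.monotonic):
        self._buffers = {}   # surface_id -> pasted content
        self._callers = {}   # caller identity (e.g. an APP_ID) -> _CallerState
        self.max_failures = max_failures
        self.penalty_seconds = penalty_seconds
        self._clock = clock  # injectable so tests can advance time

    def register_surface(self, content):
        # 16 random bytes = 128 bits, evenly distributed, as the review assumes of Mir.
        surface_id = secrets.token_hex(16)
        self._buffers[surface_id] = content
        return surface_id

    def paste(self, caller, surface_id):
        """Return the buffer for surface_id, or None if the guess is wrong
        or the caller is still serving a penalty."""
        state = self._callers.setdefault(caller, _CallerState())
        now = self._clock()
        if now < state.locked_until:
            return None  # penalised: refuse without revealing whether the ID was right
        content = self._buffers.get(surface_id)
        if content is None:
            state.failures += 1
            if state.failures >= self.max_failures:
                state.locked_until = now + self.penalty_seconds
                state.failures = 0
            return None
        state.failures = 0  # a correct ID resets the counter
        return content
```

Keying the penalty on the caller's identity is what makes the APP_ID question in the review matter: a penalty applied to a spoofable identity can be sidestepped, which is why a bus-verified identity such as GetConnectionCredentials provides is preferable.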
