On Thu, Aug 08, 2024 at 09:21:45AM +0700, Max Nikulin wrote:
> On 07/08/2024 11:40, to...@tuxteam.de wrote:
> > In my threat model, if I already have an application running under
> > my own user ID, I call XKCD 1200 [1] on it.
> 
> The browser JavaScript API allows reading and writing the clipboard. It is protected
> to some extent by user prompts. On the other hand, in ChromeOS most
> applications are running in the browser, so I will not be surprised if the policy
> becomes more permissive some day even though developers are aware of the related
> security issues.

I'm aware of the browser expansivity (it wants ever more and more).

Currently I protect against that by having very restricted profiles:
my "default" browser can't even JavaScript.

This forces me to think, when I see a page which can't render: "do
I really need it?". The answer is often "nah".

For each specific application which needs it, I have a specific browser
profile.

This is not enough, mind you: some of those specific applications could
turn malicious at any time (given the "npm deployment model" even without
the application maker's knowledge).

> Are you sure that you have never accidentally granted clipboard read
> permission to some frequently used web site?

I know, I know. Sometimes I dream of running browsers in their VMs
(with their own X server). But that would be over my budget :-)

> So a threat may be outside of "traditional" local processes.
> 
> As to the X11 protocol, it allows grabbing focus, e.g. xterm supports it. Several
> years ago GNOME designers decided that their password prompt must be a full
> screen modal dialogue that does not allow even mouse interaction with other
> applications (e.g. 3rd party password managers). On the other hand it does
> not protect against xinput debug tools running at a lower level.

Definitely. That's one reason I left GNOME behind. It's definitely a
tradeoff at this point: the X model provides the concept of a "window
manager", and the window manager is *my* ally. The trend is that the
application is the boss (client-side decorations anyone?), and the
application is the ad industry's ally. Now I do prefer the first one,
even if old and creaky :-)

Cheers
-- 
t
