hi, I’m unsure that this is the correct place to ask about this. But I would appreciate if this was answered by someone who knows for sure.
I’m not sure whether this is in the scope of a desktop environment, or in the scope of each distribution. But I was wondering, is there a built-in clipboard, and does it have history? When you copy a bit of text, how long does it stay anywhere within the system? When is it fully cleared off of your system? Will copying another bit of text fully clear it from your system (including RAM)?
I’m asking this because I made a choice to not use any extensions for my browser, but I still use Bitwarden, which doesn’t seem to have autofill available in it’s apps (just in the browser extension), so I have to manually copy and paste my passwords, which I’m ok with, but I feel doubtful about the security of this.
Hi, the person who implemented the current clipboard implementation here. The clipboard contents are only stored in memory until the next clipboard selection comes to replace it. The only saving feature in use is in order to preserve the clipboard selection after the application that did set it the last time does quit.
The clipboard API is sufficient for GNOME Shell extensions to implement a clipboard with more bells and whistles, such as history. But these do need to be explicitly installed to replace the default behavior.
Just adding this in case someone in the future has the same security concern.
As @garnacho mentioned, when you copy something to the clipboard, it is stored in RAM until the next copy operation. So, copying another thing or a restart would clear the old one.
If you are really concerned about security, you should never copy sensitive data to your clipboard because:
All the applications you are using can read the clipboard content.
If you use some sort of clipboard managing extension or app, that could also create more issues since they usually store the data in a cache file. Even when you remove the file, it can somehow be recovered with data recovery techniques.
Other than clipboard, you shouldn’t use drag and drop for sensitive data, because:
Other applications might be able to monitor the drag and drop and probably even reading it without you completing the drop. Wayland makes this really hard though.
Reading the stored temp data in RAM after the DND process is not completely immune to attack even after removal with RAM forensics. This is also true about the clipboard.
This is not completely accurate, only the application that currently has the keyboard focus can read the current clipboard. All other applications cannot read the clipboard, until focused themselves.
Unless you mean the X11 session. Then yes, anyone can read the clipboard.
oh, so copying something else clears the previous entry even from RAM? That is very cool
thank you all for your answers btw
nah, I just meant the built-in system clipboard, without any extensions. But that’s good to know.
is this still a concern even if I copy something else right after pasting the password?
also, is autofill (from a browser extension) really more secure in this regard? Is data from it not temporarily stored anywhere in RAM, or anything?
RAM forensics are pretty fast. If that is happening, your copy paste speed won’t even come close to their speed. They can even take advantages of ghosting and data remnants after cleaning the data from RAM.
Browsers store the encrypted password in a sqlite db or a file. When you visit the website again, they decrypt the password to have the raw password to fill the password input. The decryption key is stored in your own device. So if an app gain the access to that, your password is compromised.
Bitwarden in your case, uses the master password. It means if an app have access to your user, they still need that master password to have access to the stored password. This adds another layer of security but the issue is not completely solved. Malware can still use the RAM forensics since the decrypted password goes into RAM then into the password input in your browser.
Just to add, we are discussing this for the time your user session is compromised with a malware. In that case, many other attacks can happen.
so what I take away from this is that copying passwords manually and using browser extension autofill have the same vulnerability to RAM forensics (as well as ghosting and data remnants after cleaning the data from RAM)?
also, while I rly appreciate you describing different scenarios of how malware could gain access to my passwords, even though I research security, I’m still a non-tech user, so what I struggle with is determining how likely each scenario is to happen, which one is the least dangerous, and which ones are to worry about
RAM forensics are pretty advanced. As I mentioned before “we are discussing this for the time your user session is compromised with a malware”. If your setup is clean, there is no need to worry about (though, we’ve seen even pretty well known projects can sometimes ship malware).
As @garnacho mentioned, on Wayland your apps need to be focused to share the clipboard data but if you are using X11 you should always be careful what you are setting to the clipboard or DND.
I know you said you don’t use GNOME Shell extensions but for those who use them, even on Wayland they can read anything you copy to the clipboard.
Browsers should have built-in prevention even when the tab is focused. For example this is Brave Browser turned off the unwanted clipboard usage for particular website:
So, my general advice remains the same: “If you are really concerned about security, you should never copy sensitive data to your clipboard” but if you are using Wayland, you have less to worry about.
You can have Bitwarden clear the clipboard after some seconds, so the copied credentials don’t linger on the clipboard.
Out of interest I looked into memory scanning. Most distros compile the Linux kernel with CONFIG_STRICT_DEVMEM=y (I could confirm with zgrep CONFIG_STRICT_DEVMEM /proc/config.gz on mine) which on x86 forbids direct RAM acces (see the mem manpage). The memory of an individual process could be scanned but that requires root.
With @jrahmatzadeh’s explanation on how clipboard data access works on Wayland I’m not very worried about copying credentials. For Shell extensions you could check for a get_selection() call in the code, which AFAIK is needed for an extension to initiate access to the clipboard.
This is not completely accurate, only the application that currently has the keyboard focus can read the current clipboard. All other applications cannot read the clipboard, until focused themselves.
Is wl-paste or the terminal able to circumvent this protection? Or is what you wrote specific to apps using portals?
Because on GNOME 48 if I run sleep 10; wl-paste in the terminal, switch to Text Editor and type some text and copy it, when I after 10+ seconds I look at the terminal window in the overview it has in fact pasted the text I copied while it did not have keyboard focus.
yeah I noticed it back when I was using it, I haven’t used it in a while though, and probably won’t, so
if I was on KDE, I would use their forums
is this still a concern even if I copy something else right after pasting the password?
GNOME.