by alkonaut 1337 days ago
Applications also have access to global desktop screen recording, which has similar security issues. Basically: the desktop including all user input, frame buffers etc. was created as a free-for-all with security as an afterthought. It's as if all processes run in the same memory space.

I should be able to control which apps can read the screen outside of their own top-level window, and be notified when it happens (just like OSes often indicate mic recording). A screen sharing or screenshot app would require the permission and I'd allow it.

Apps that place sensitive content on a clipboard (such as password managers) could use an isolated form of clipboard where only apps that are granted permissions can read. E.g. I copy from my pw manager and when I paste, the OS asks me if I want to allow "Firefox" to read the secure clipboard content from "KeePass".

1 comments

macOS actually has these kinds of permissions. The clipboard is still a free-for-all though. I guess that's harder to lock down because it's more than just a simple option of fully allowing or denying access to the clipboard. You would want to be able to paste to any application even if that application can't read the clipboard whenever it wants, but you'd be adding an extra confirmation on every paste if a user doesn't initiate the paste in a way that the OS knows is secure.
I think the solution can be quite simple: allow the user to configure secure channels between apps, sidestepping the main clipboard altogether. So that if e.g. a password manager is configured as source, and the browser as destination, have an option in the password manager to send a password directly to the browser. There would be no intermediary storage like the traditional clipboard, and no typing with a virtual keyboard, just apps communicating directly via a secure mechanism provided by the OS, and configured by the user.

This is already possible by using named pipes on Linux[1], but it has to be built specifically for each app, and anything can go wrong with the implementation. It seems like it would be relatively simple to have this functionality built into the OS.

[1]: https://news.ycombinator.com/item?id=33329561
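The named-pipe hand-off mentioned above, sketched as an added example (not code from the thread or from the linked post). The function names and the file name `secret.fifo` are hypothetical. It shows the checks such a channel needs on Linux, and its limit: file permissions identify the user, not the application, so any process running as the same user can still open the pipe.

```python
import os
import stat
import tempfile
import threading

def make_channel():
    """Create a FIFO inside a fresh 0700 directory; return its path."""
    directory = tempfile.mkdtemp(prefix="pwchan-")  # mkdtemp creates mode 0700
    path = os.path.join(directory, "secret.fifo")   # hypothetical name
    os.mkfifo(path, 0o600)                          # umask can only remove bits
    return path

def open_checked(path, flags):
    """Open path, then verify on the open descriptor that it is our private FIFO."""
    fd = os.open(path, flags | os.O_NOFOLLOW)       # refuse a symlink swapped in
    st = os.fstat(fd)                               # check the fd, not the path (no TOCTOU)
    if not (stat.S_ISFIFO(st.st_mode)
            and st.st_uid == os.geteuid()
            and stat.S_IMODE(st.st_mode) & 0o077 == 0):
        os.close(fd)
        raise PermissionError(f"{path}: not a private FIFO owned by this user")
    return fd

def send_secret(path, secret):
    fd = open_checked(path, os.O_WRONLY)            # blocks until a reader opens
    try:
        os.write(fd, secret)
    finally:
        os.close(fd)

def receive_secret(path):
    fd = open_checked(path, os.O_RDONLY)            # blocks until a writer opens
    try:
        chunks = []
        while chunk := os.read(fd, 4096):           # read until the writer closes
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)

def demo():
    """One hand-off between two threads standing in for the two apps."""
    path = make_channel()
    sender = threading.Thread(target=send_secret,
                              args=(path, b"constructed-sample-secret"))
    sender.start()
    try:
        return receive_secret(path)
    finally:
        sender.join()
        os.unlink(path)
        os.rmdir(os.path.dirname(path))
```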