lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4F1FC384.9060306@lightwave.net.ru>
Date: Wed, 25 Jan 2012 11:55:32 +0300
From: Dan Yefimov <dan@...htwave.net.ru>
To: Ben Bucksch <news@...ksch.org>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: VNC viewers: Clipboard of host automatically
 sent to remote machine

On 25.01.2012 5:45, Ben Bucksch wrote:
> On 25.01.2012 00:52, Henri Salo wrote:
>> On Wed, Jan 25, 2012 at 12:47:28AM +0100, Ben Bucksch wrote:
>>> On 25.01.2012 00:09, Dan Kaminsky wrote:
>>>> IP KVM, in which the foreign server basically gets only inbound
>>>> Keyboard and Mouse and outbound uncompressed pixels.
>>> That is *precisely* what VNC is: an open-source IP KVM.
>> What the hell? Seriously..
>>
>> http://en.wikipedia.org/wiki/VNC
>
> hihi. Thanks.
>
> "It transmits the keyboard and mouse events from one computer to
> another, relaying the graphical screen updates back in the other
> direction, over a network."
> "The VNC protocol (RFB) is very simple, based on one graphic primitive
> from server to client ('Put a rectangle of pixel data at the specified
> X,Y position') and event messages from client to server."
>
> Compare to above.
>
> Now, the part where it defines that clipboard is also a standard part of
> VNC... oh, huch, it's not there! (Just a random note that Unicode is
> impossible, but not that clipboard is defined as part of the protocol at
> all.) Ah, I know... Surely, it must be on
> <http://en.wikipedia.org/wiki/RFB_protocol>... No, same thing there.
> Strange.
>
It should be strictly understood that something not being mentioned in the 
Wikipedia article doesn't mean that doesn't exist at all, since Wikipedia is 
_not_ authoritative information source. The authoritative information source 
would be the formal specification of the protocol explicitly defining the set of 
event types and explicitly prohibiting non-defined event types, otherwise 
implementations are free to define and use their own event types being in fact 
extensions of the protocol. It's defined nowhere that VNC is _exactly_ 
open-source IP KVM and nothing more.

> P.S. I was just reporting bug. I hope at least some software finds a
> better solution. Have fun.
>
I'd suggest you find alternative product allowing you to explicitly configure 
that clipboard is not transmitted to the host under control instead of 
struggling with the product limitations and design flaws.
-- 

Sincerely Yours, Dan.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ