Clipboard sharing between 3 machines / security issue?

[Adrian Roman]

I've recently run into a scenario that is a bit troubling. I have two desktop Ubuntu Lucid machines, let's call them D1 and D2, and two users working on them, U1 on D1 and U2 on D2. U1 has VirtualBox running a Windows VM (V1) with D1 as a host. User U2 has a RDP connection opened to V1.

The users U1 and U2, however, have different TS sessions on the Windows machine. So U1 sees his Windows desktop in the VirtualBox window on his desktop D1, and U2 sees his Windows desktop in the rdesktop window on his desktop D2. The Windows VM runs two user sessions concurrently.

Every once in a while, when U2 copies something in the clipboard on his desktop session on D2, user U1 is able to paste the same thing on his desktop session on D1.

I believe the reason for this is because there is clipboard sharing between D1 and V1 via VirtualBox, and also between V1 and D2 via RDP. So in fact, the clipboard somehow becomes shared by all 3 machines.

This does not seem to occur when running the VM in headless mode, and both users connecting to it via RDP, which indicates that the problem is more likely in the way VirtualBox manages clipboard sharing rather than rdesktop / RDP.

[Adrian Roman]

I forgot to add that in this scenario, the sharing is unidirectional - only what U2 copies in clipboard on D2 reaches U1's clipboard on D1, not the other way around.

[Adrian Roman]

Also - probably related to ​bug number 7860, but I chose to open a new bug report because the description on that one was somewhat confusing to me.

[Michael Thayer]

So if I understand your setup correctly, both users have deliberately shared their desktop clipboards with a single virtual machine. If so then the fact that their desktop clipboards are also shared with each other is a logical consequence and more or less what those users were asking for.

[Adrian Roman]

Replying to michael:

So if I understand your setup correctly, both users have deliberately shared their desktop clipboards with a single virtual machine. If so then the fact that their desktop clipboards are also shared with each other is a logical consequence and more or less what those users were asking for.

No, that is not a correct interpretation. VirtualBox should not do clipboard sharing between the RDP session and the host system. VirtualBox should only do clipboard sharing between the session that is open at the console and the host. The guest Windows machine does not share the clipboard between the RDP session and the console session, this is a VirtualBox issue.

A Windows Terminal Server can have tens of concurrent sessions; if such a machine runs as a guest VM over VirtualBox, it's not normal to have clipboard sharing between those and the console session, or who knows, maybe clipboard sharing occurs even between different RDP sessions. Clipboard sharing should be limited to the console session and the host. RDP sessions do not need that, as RDP has its own clipboard sharing system, and that can only create issues such as this one.

[sunlover]

adyroman, which RDP server do you use to connect to the Windows VM: the embedded VBox VRDP server or the Windows guest RDP server? From your description it looks like you connect to the Windows guest RDP server.

[Adrian Roman]

Windows guest RDP server; I wasn't even thinking about the VBox VRDP server, sorry for the confusion.

[Michael Thayer]

I you don't want sharing between the RDP session and the host system, why don't you disable one of host to guest sharing or RDP clipboard sharing?

[Adrian Roman]

That is possible, and it does fix the problem, but that is a "workaround". Ideally VirtualBox should not do clipboard sharing between a host and a RDP session on a guest Windows VM. Plus, this workaround has a major disadvantage - one of the two sessions (either the console or the RDP session) will not be able to use clipboard sharing, which is annoying if you have to do any copy / paste between a bare-metal machine and a virtual session, be it a console session or a RDP session.

[Michael Thayer]

I fear that one of us is misunderstanding something here. Clipboard sharing, both as we implement it and as Terminal Services does, means that (using VirtualBox terminology), whenever something new appears in the host clipboard it is copied to the guest, and whenever something new appears in the guest clipboard is is copied to the host. For Terminal Services think the server and the machine running the client. So:

• if you copy something on the host, as per your instructions to enable host-guest sharing that something will be copied to the guest clipboard.
• as the guest clipboard has now changed, as per your instructions to enable RDP clipboard sharing, that data will be copied from the guest (the RDP server) to the clipboard of the machine running the RDP client.

The same thing will work from the machine running the client to the VM host. You could always make the VirtualBox sharing one way (e.g. only from the VM to the host). But it seems to me that you are wanting to separate two things that aren't logically separable.

[Adrian Roman]

Too bad I can't draw here. :)

I'll describe in more detail, using just words.

So I have the following OS setup: I have a Linux box running Ubuntu Lucid and VirtualBox on it. This one is called Alpha. So Alpha is the VirtualBox host. I also have a second Linux box, called Bravo. And a Windows machine called Whiskey, which is a guest VM running on top of Alpha.

I go to the console of Alpha, and start Whiskey - and I log in to Whiskey as John. John has a Windows session on Whiskey, and his clipboard is shared with my clipboard on Alpha. So when I copy something on Alpha, put it in the clipboard, John also has that content in his clipboard, inside his Windows session on Whiskey, by virtue of having clipboard sharing enabled between the VirtualBox host (Alpha) and the VirtualBox guest (Whiskey). So Adrian and John have clipboard sharing.

Now, my friend Brad logs in on Bravo and starts a rdesktop (RDP) session to the TS server running on Whiskey. He will log in, through RDP, on the Windows machine Whiskey, using the user James. So now there's also clipboard sharing between Brad and James, via clipboard sharing in rdesktop.

So now there are a total of 4 desktop sessions. There's Adrian's session on Alpha, there's Brad's session on Bravo (both Linux sessions), there's John's session on Whiskey (console session) and there's James' session on Whiskey (RDP session).

As I interpret the ideal way things should work here, I would expect that something that Brad copies on his Linux session WILL NOT end up in my Linux session on Alpha. Whatever Brad puts in his clipboard will be shared with James, and whatever I put in the clipboard will be shared with John. However, John and James have two _independent_ Windows sessions on Whiskey and the contents of their clipboards SHOULD NOT be shared.

I suspect VirtualBox reads from both the clipboard of John and the clipboard of James, and mixes the two together. In fact, VirtualBox should only read from the clipboard of John, who has a *console* session on Whiskey. I don't see any reason why VirtualBox would ever do clipboard sharing between the host and the RDP sessions of guests - that makes no sense whatsoever, especially since RDP has it own implementation of clipboard sharing.

I hope this is clear enough; in case it's not, I will draw a diagram and upload it somewhere - you know, "a picture is worth a thousand words". :)

[Michael Thayer]

So in other words the sharing which is taking place which you do not want to see is between the two different users on the Windows VM? I think that must be the bit I missed above.

[Adrian Roman]

Yes, sharing between the two different Windows sessions (John and James) should not take place IMHO.