问题
Gnome desktop has 2 clipboards, the X.org (saves every selection) and the legacy one (CTRL+C). I am writing a simple python script to clear both clipboards, securely preferably, since it may be done after copy-pasting a password.
The code that I have seen over here is this:
# empty X.org clipboard
os.system("xclip -i /dev/null")
# empty GNOME clipboard
os.system("touch blank")
os.system("xclip -selection clipboard blank")
Unfortunately this code creates a file named blank
for some reason, so we have to remove it:
os.remove("blank")
However the main problem is that by calling both of these scripts, it leaves the xclip
process open, even after I close the terminal.
So we have 2 problems with this option:
1) It creates a blank file, which seems like a flawed method to me
2) It leaves a process open, which could be a security hole.
I also know about this method:
os.system("echo "" | xclip -selection clipboard") # empty clipboard
However this one leaves a \n
newline character in the clipboard, so I would not call this method effective either.
So how to do it properly then?
回答1:
Misconceptions
- GNOME doesn't "have clipboards"; X11 has selections and cut buffers. There are more than 2 of them, but mostly we worry about the selections
PRIMARY
andCLIPBOARD
. Neither of them is "legacy". - You can't "securely" clear these (by writing something else into the memory they occupy), since they aren't stored in your process. Cut buffers (which are obsolete) are stored in the X server, and selections are stored (if anywhere) in the process providing them. (If there is a clipboard manager running, they may be stored in several places and be impossible to kill completely.)
xclip
has to leave a background process running to serve the selection it sets to any processes requesting it. It's mostly useless when the selection is empty, but it does go away as soon as anything else is selected/copied, and it is surely not a security risk.- Never use
os.system
(orsystem
in any language), except to run a shell command specified by the user (like!
inless
). It uses the shell (specifically, /bin/sh), which (because it is meant for interactive use) requires various kinds of quoting to avoid misinterpretation of generated input, it affects signal handling, it can't set up the child's open files directly, and it makes it all too easy to ignore the exit status of the child.
Tools
- There of course exist Python bindings for Xlib, including manipulating selections. Probably overkill if selection-clearing is your only use case.
- Tkinter, as mentioned, probably supports this (Tk certainly does), but I haven't found a reference for it.
xclip
andxsel
, as mentioned, are widely available (both are in the Ubuntu repositories, for instance). You run external programs in Python using subprocess; in Python 3.5 or better it looks like one ofsubprocess.run("xclip",stdin=subprocess.DEVNULL) subprocess.run(["xclip","-selection","clipboard"],input="") subprocess.run(["xsel","-c"])
(The choice between
stdin
andinput
matters more if you don't immediately wait on the program to exit.)xsel
has an explicit--clear
option, which avoids the need for input and a background process.
With any of these, you'll need to treat each of the two common selection types.
回答2:
I know three ways to clear the clipboard from Python. First using tkinter:
try:
from Tkinter import Tk
except ImportError:
from tkinter import Tk
r = Tk()
r.withdraw()
r.clipboard_clear()
r.destroy()
Second with xclip, but I use xclip like this:
echo -n | xclip -selection clipboard
Does it create a new line?
Finally, it's possible to user xsel:
xsel -bc
回答3:
I have figured out:
#CLIPBOARD cleaner
subprocess.run(["xsel","-bc"])
#PRIMARY cleaner
subprocess.run(["xsel","-c"])
This one cleans both buffers, and leaves no zombie processes at all. Thanks for everyone who suggested some of them.
来源:https://stackoverflow.com/questions/48490382/how-to-clear-both-clipboards-securely-in-gnome-from-python