wxPython clipboard
Jeremy Bowers
jerf at jerf.org
Thu Jan 6 15:05:31 EST 2005
On Thu, 06 Jan 2005 03:27:56 -0800, lbolognini wrote:
> Could you please give me some advice on the best approach to solve this
> problem?
To the best of my knowledge, and I'd be surprised if this wasn't true,
wxPython does not have the necessary tools to do this.
That program doesn't even use the clipboard; it uses low-level security
flaws* in Windows to directly access text in other programs as it is being
typed, watch for trigger text to go by, and then dynamically replace it;
all of which is a major security flaw in the absence of user permission.
This *particular* application is harmless, but it's still exploiting holes.
Since those holes don't exist cross-platform, wxWindows won't reflect
them. You'd need to go to the WinAPI, and after that I have no idea what
comes next... but I do know it's going to be tricky, painful work and if
you didn't already know you needed to do this, you probably don't want to
go here. Here There Be Dragons.
*: The security flaw lies in the Windows messaging model; once you have a
window handle you can send it any message and get back any data you want,
including stuffing that window with any new data you want, which is a
gaping flaw indeed in a world of buffer exploits. IIRC, there is no way to
do any sort of user-based security, so even if you do everything as a
low-priv user except use this one program as administrator, if that
program has a window on the screen and a buffer overflow, that's a root
exploit waiting to be coded.
More information about the Python-list
mailing list