SecurityException in Clipboard.SetDataObject

Guest

I developed a WinForms control that runs within Internet Explorer. To
prevent changes to the client security settings I took care that the control
only uses permissions from the Internet Zone.
One of the control's features is copying text or bitmap images to the
clipboard. That worked all the time with .NET 1.1 using
Clipboard.SetDataObject. Now I tried .NET 2.0 and copying bitmap images
raises a SecurityException that says the used clipboard format is not
permitted. Copying text still works.
Why is copying images to the clipboard a security risk? Is this change
documented somewhere (I couldn't find it in the breaking changes)? Is there a
workaround (changing client security settings is not an option for me)?
 
Jeffrey Tan[MSFT]

Hi Jack,

Thanks for your post.

Do you read the image from the disk, or do you copy an image which resides in
memory? This may be caused by the FileIOPermission security exception,
which is caused by reading the image from the disk.

Furthermore, can you provide the SecurityException call stack information?
Then we can see which exception it requires.

Thanks

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Guest

Hello Jeffrey,

The bitmap image is generated in memory. The main form's control has some
custom drawn sub-controls. The graphical contents of these controls are what
I'm trying to copy to the clipboard. Here are the main fragments of the
clipboard code:

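public void CopyToClipboard()
{
    // Render the control's current contents into an in-memory bitmap.
    Size clientSize = _view.ClientSize;
    Bitmap bitmap = new Bitmap( clientSize.Width, clientSize.Height );
    DrawTo( bitmap );
    // copy = true leaves the data on the clipboard after the application exits.
    Clipboard.SetDataObject( bitmap, true );
}

private void DrawTo( Bitmap bitmap )
{
    using( Graphics graphics = Graphics.FromImage( bitmap ))
    {
        // White background first, then the same drawing code the control uses.
        graphics.FillRectangle( Brushes.White, 0, 0, bitmap.Width, bitmap.Height );
        Draw( graphics );
    }
}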

The Draw() method contains the code that is also used for drawing the
graphical contents of the control.
The exception is thrown at Clipboard.SetDataObject. Here is the important
part of the call stack:

************** Exception Text **************
System.Security.SecurityException: Due to security restrictions on clipboard, the specified clipboard format cannot be set.
   at System.Windows.Forms.Clipboard.SetDataObject(Object data, Boolean copy, Int32 retryTimes, Int32 retryDelay)
   at System.Windows.Forms.Clipboard.SetDataObject(Object data, Boolean copy)
   at MyApplication.UIClient.HistogramHandler.CopyToClipboard()

As posted before everything works with .NET 1.1. Doing the
Clipboard.SetDataObject with a string from a TextBox control works in .NET
2.0 as before in 1.1. So it must be related to the bitmap format.

Thanks for your help in advance,
Jürgen
 
Jeffrey Tan[MSFT]

Hi Jack,

Thanks for your feedback.

Oh, yes, this is a breaking change in .Net2.0. Because of the Clipboard
threat modeling, our product team has restricted Clipboard access in
.Net2.0. Only clipboard formats that are valid for semitrust are allowed to
be added to the clipboard.

Clipboard.SetDataObject in .Net2.0 internally checks the format with the
Clipboard.IsFormatValid method. If you use Reflector to view the source
code of Clipboard.IsFormatValid, you will see the following:

private static bool IsFormatValid(DataObject data)
{
    string[] textArray1 = data.GetFormats();
    if ((textArray1 == null) || (textArray1.Length > 4))
    {
        return false;
    }
    for (int num1 = 0; num1 < textArray1.Length; num1++)
    {
        string text1;
        if (((text1 = textArray1[num1]) == null) ||
            (((text1 != "Text") && (text1 != "UnicodeText")) &&
             ((text1 != "System.String") && (text1 != "Csv"))))
        {
            return false;
        }
    }
    return true;
}

Yes, the format is valid only if it is one of the following:
Text, UnicodeText, System.String and Csv.

So, this is by design. I do not think there is any way to work around this
design; if there were such a way, it would be a big security hole. I
think we have to instruct the client machine to increase the permission of
the application in internet.

Hope this helps

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
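
Added example, not part of the original thread and not Microsoft's code: a control can detect the restriction described in the answer above before it calls Clipboard.SetDataObject, so a "copy image" command can be disabled instead of throwing in the Internet zone. ClipboardHelper and its member names are hypothetical; it assumes the .NET 2.0 CAS model and that the format restriction applies only to callers without UIPermission for AllClipboard.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Windows.Forms;

// Hypothetical helper (added example, not from the thread).
public static class ClipboardHelper
{
    // The four formats the answer above lists as valid for semi-trusted callers.
    private static readonly string[] RestrictedFormats =
        { "Text", "UnicodeText", "System.String", "Csv" };

    // Applies the rule quoted above to any IDataObject, so a payload can be
    // tested without touching the clipboard.
    public static bool FitsRestrictedFormats(IDataObject data)
    {
        string[] formats = data.GetFormats();
        if (formats == null || formats.Length > 4) return false;
        foreach (string format in formats)
            if (format == null || Array.IndexOf(RestrictedFormats, format) < 0)
                return false;
        return true;
    }

    // Assumption: callers granted AllClipboard are not format-restricted.
    // SecurityManager.IsGranted is the .NET 2.0 API (marked obsolete in 4.0).
    public static bool CanCopyAnyFormat()
    {
        return SecurityManager.IsGranted(
            new UIPermission(UIPermissionClipboard.AllClipboard));
    }

    // Returns true if the payload was placed on the clipboard, false if the
    // current trust level does not permit its formats. Must run on an STA thread.
    public static bool TryCopy(object payload)
    {
        DataObject data = (payload as DataObject) ?? new DataObject(payload);
        if (!CanCopyAnyFormat() && !FitsRestrictedFormats(data))
            return false;                 // e.g. a Bitmap in the Internet zone
        try
        {
            Clipboard.SetDataObject(data, true);
            return true;
        }
        catch (SecurityException)
        {
            return false;                 // policy differs from the assumption above
        }
    }
}
```

A control could call CanCopyAnyFormat() once at load time to decide whether to show the image-copy command at all, and keep offering text or CSV copies of the same data through TryCopy.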
 
Guest

Hello Jeffrey,

Thanks for your answer. Technically I understand now what causes the
exception.

However, could you or one of your product team explain to me, why copying a
standard bitmap to the clipboard is a big security hole in a semi-trusted
environment? I can understand that it would be true for certain clipboard
formats, but not for bitmaps. If it is a security risk, why can I still copy
images within Internet Explorer with all security updates and the highest
security level set from ordinary HTML pages?

My customers were already complaining that I used .NET as the client
technology, because they usually needed to install it or the latest service
pack first. I see no way how to explain to them, why something that is
possible on every other web deployed application now doesn't work on a .NET
application anymore. This application is used by companies that don't like if
their client security settings need to be changed. This always raises the
question, what my software is doing to their desktops and they need to
estimate the risk of that change. I would need some really good arguments.

Thanks for your help,

Jürgen
 
Jeffrey Tan[MSFT]

Hi Jack,

Thanks for your feedback.

Yes, I see your concern.

For your concern in the first paragraph, this is because the client user
does the image copy operation by himself, while the .Net application does
the copy operation from the server-side code. Security is all about trust.
If the client user does the copy himself, this means the client user trusts
the images from the server-side. However, we still cannot fully trust the
unknown clipboard copy operation by the server-side .Net applications.

Actually, there can be several attacks with the clipboard operations in
internet zone. For example, the JPEG images may cause some security flaw. (I
suspect you have heard of such issue. If not, you can search "JPEG security
flaw" in google for more information.) Also, the "bad" JPEG images
copied to the clipboard may be read by some other applications, which may
cause system crash or worse...

Anyway, if you want to contact our product team for your concern, you can
submit a bug or a suggestion in the link below. Our product team will
follow up with you:
http://lab.msdn.microsoft.com/productfeedback/default.aspx

For the concern in second paragraph, yes, this is a common concern regarding
doing C/S applications in .Net. This is because .Net enforces a more
restricted security model than legacy win32 native code. This is the Code
Access Security in .Net. .Net does not allow the partial-trusted code to run
in a restricted environment (such as internet/intranet), but we can give
some hint information to the client user to increase the permission set to
our application. With getting the trust of the client user, we can run
without any problem. (This is just like instructing the client user to
increase the IE security setting trust for a certain web site.)

Thanks

Best regards,
Jeffrey Tan
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
This posting is provided "as is" with no warranties and confers no rights.
 
Guest

Hi Jeff,

I am currently working on a project where I need to generate a Hyperlink from
data in our database and send that formatted http://... automatically to the
Client's Clipboard. The user then can open up Word and do a Ctrl+V with the
recent contents sent to the Clipboard.

Currently, I am using VB.net, ASP.net, Framework 1.1 to accomplish this task
and the following JavaScript code is how I get the data to the Clipboard:

/// Copy Source to Clipboard
function copytoClipBoard(rSource)
{
    if (rSource != "")
        window.clipboardData.setData("Text", rSource);
}

I have been reading articles on the discussion board that this can’t be done
because I will only copy to the Server Clipboard and not the Client’s
Clipboard. It also looks like from one of your posts that I will have issues
when I move to Framework 2.0. Are both these statements true? If so, what
workaround could I do now so that when I do upgrade to Framework 2.0 I will
not have issues? Is object.execCommand the way to go?

Thanks,
 
