clipboard fix (v2)

[raiden-staging]

(Issue #31 , cont. from PR #36 )

Fix :

• added admin neko profile with enabled clipboard , was not enough to operate as host
• as found in PR#36 , m1k1o/neko/chromium:3.0.6 only enables clipboard controls for hosts
• fix required making new neko:base & neko:chromium builds
  • source in raiden-staging/neko
  • where host-only controls scoping is disabled
• updated the chromium-headful Dockerfile
  • FROM ghcr.io/raiden-staging/neko/chromium:3.0.6-kernel-editv1 AS neko
  • package released here

Clipboard now works 👍

---

Notes

• Takes a long time for the neko images to build from gh actions (40+ mins)
• External APIs for computer controls outside of the neko image seems to be the right approach for faster iterations in near future ; but we can periodically merge into neko:chromium if we are to expose the neko websockets and events directly as part of the computer controls apis too

---

TL;DR

Fixed clipboard functionality in the chromium-headful image by using a custom neko base image that disables host-only clipboard restrictions and configuring an admin user.

Why we made these changes

The previous neko image (m1k1o/neko/chromium:3.0.6) only enabled clipboard controls for hosts, which was insufficient for the intended operation. This change addresses that limitation by integrating a custom neko build where host-only controls are disabled, ensuring clipboard access for all users, specifically the 'admin' profile.

What changed?

• images/chromium-headful/Dockerfile: Updated to use ghcr.io/raiden-staging/neko/chromium:3.0.6-kernel-editv1 as the base image, a custom build that disables host-only clipboard events.
• images/chromium-headful/client/src/components/connect.vue: Modified auto-login to use 'kernel' as the display name and 'admin' as the password.
• images/chromium-headful/neko.yaml: Switched the authentication provider from noauth to multiuser, adding detailed password settings and permission profiles for admin and regular users.

Validation

• Clipboard functionality verified to be working.
  

[mesa-dot-dev]

What Changed

This PR successfully enables clipboard functionality for all users by addressing a limitation in the upstream neko image. The key changes include:

• Updating the Dockerfile to use a custom-built neko/chromium image (ghcr.io/raiden-staging/neko/chromium:3.0.6-kernel-editv1) where host-only clipboard controls are disabled.
• Reconfiguring neko.yaml to switch from noauth to a multiuser authentication provider, adding distinct admin and user profiles with specific permissions.
• Updating the client-side auto-login credentials in connect.vue to use the new admin profile.

Risks / Concerns

This PR introduces a few security concerns that should be addressed:

• Supply Chain: The new base image ghcr.io/raiden-staging/neko/chromium:3.0.6-kernel-editv1 in the Dockerfile is not pinned with a digest hash. This can lead to non-reproducible builds and supply chain vulnerabilities.
• Weak Credentials: A hardcoded password "admin" is used in neko.yaml. This should be replaced with a stronger, configurable secret.
• Excessive Permissions: In neko.yaml, regular users are granted can_host: true permissions, which may be unnecessary and could allow them to take control of sessions from admins.

^{3 files reviewed | 3 comments | Review on Mesa | Edit Reviewer Settings}

[mesa-dot-dev]

Consider adding a version pin or digest hash to ensure reproducible builds and avoid potential supply chain risks. For example: FROM ghcr.io/raiden-staging/neko/chromium:3.0.6-kernel-editv1@sha256:... or at minimum document the source commit/tag this image was built from for audit purposes.

^{Type: Security | Severity: Medium}

[mesa-dot-dev]

Using "admin" as the admin password is a security risk, even in development environments. Consider using a stronger password or making this configurable via environment variables.

^{Type: Security | Severity: Medium}

[mesa-dot-dev]

Both admin and user profiles have can_host: true. While this may be intentional for clipboard functionality, consider if regular users really need host permissions, as this could allow them to take control of the session from admins.

^{Type: Security | Severity: Medium}

[mesa-dot-dev]

What Changed

This PR fixes clipboard functionality in the chromium-headful image. The core change involves switching to a custom-built base image, ghcr.io/raiden-staging/neko/chromium:3.0.6-kernel-editv1, which removes the upstream restriction that limited clipboard access to host users only. To support this, neko.yaml was updated to use a multiuser authentication provider, defining an admin profile with clipboard permissions enabled. Consequently, the frontend component connect.vue was updated to auto-login with the new admin credentials.

Risks / Concerns

Excellent work resolving the clipboard issue by creating a custom neko image. The primary concern is the significant build time (40+ mins) for this custom image, which could slow down future iterations. Also, note that the auto-login credentials are now part of the client-side code in connect.vue.

^{3 files reviewed | 0 comments | Review on Mesa | Edit Reviewer Settings}

[cursor]

Bug: Default Passwords Expose Admin Access

Weak default passwords are hardcoded for admin ("admin") and user ("neko") accounts in the neko.yaml configuration under the multiuser provider. This creates a security vulnerability, allowing unauthorized administrative access, including full clipboard and hosting privileges, if not changed upon deployment.

Locations (1)

• images/chromium-headful/neko.yaml#L9-L22

[rgarcia]

Hey @raiden-staging I've forked neko over here: https://github.com/onkernel/neko

Could you open a PR on that repo with this change?

[raiden-staging]

included with #46 ✅