Bug 115493 - clipboard not cleared when exiting from su
clipboard not cleared when exiting from su
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: gpm (Show other bugs)
1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Petr Rockai
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-02-12 19:41 EST by Lee Revell
Modified: 2007-11-30 17:10 EST (History)
5 users (show)

See Also:
Fixed In Version: 1.20.1-67
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-18 09:47:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Lee Revell 2004-02-12 19:41:29 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET 
CLR 1.1.4322)

Description of problem:
If I use su to become root at the console, then copy some text into 
the clipboard, then exit the su session, the clipboard is not 
cleared.  This may or may not be a security problem, for example in 
a colo facility where many people have physical access to one console.

Any potential exploit requires a pretty stupid root user, which of 
course is unlikely.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.su to root from (say) joeuser
2.copy some password from a text file with the mouse
3.do stuff
4.exit the su session
5.when you leave and joeuser sits back down, he can paste that 
password into his console

Additional info:
Comment 1 Eido Inoue 2004-04-20 16:10:35 EDT
the login/logout scripts need to be modified so that gpm is shut down
when no VCs are running an interactive session
Comment 2 Eido Inoue 2004-11-04 14:33:57 EST
gpm has been modified in release 67 so that the selection buffer will
be aged (invalidated/flushed/effectively cleared) when it receives a
SIGUSR2 signal.

The .bash_logout script still needs to be modified so that if a) tests
if running on a VT (and not a ptty or serial) using /sbin/consoletype,
b) gpm is running, then c) send a SIGUSR2 to the process via kill(1).

As .bash_logout is copied from the /etc/skel template when a new user
is created, existing users will need to manually modify their
.bash_logout to take advantage of this feature.

Note You need to log in before you can comment on or make changes to this bug.