Bug 2654 - /usr/bin/disable-paste does not need to be suid root!(?)
Status: CLOSED NEXTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: gpm
Version: 6.0
Hardware: i386
OS: Linux
low
medium
Assignee: David Lawrence
Reported: 1999-05-08 12:41 UTC by Chris Evans
Modified: 2008-05-01 15:37 UTC

Doc Type: Bug Fix
Last Closed: 1999-06-02 11:34:07 UTC

Description Chris Evans 1999-05-08 12:41:55 UTC
Look at /usr/bin/disable-paste. It is suid-root.

Brief testing showed that its functionality works fine if it
is _not_ suid root.

The risk is that the user can pass arbitrary environment
variables, etc. to the GPM program. disable-paste is just a
wrapper which calls gpm.

Comment 1 Dale Lovelace 1999-05-27 18:11:59 UTC
/usr/bin/disable-paste is suid root. The gpm Makefile contains this
line:

$(INSTALL_PROGRAM) -o root -m 4755 disable-paste \
$(bindir)/disable-paste

  So apparently the gpm people think it should be suid-root. I have
emailed Ian Zimmerman <itz> who is mentioned in the Makefile
about this. I will update this bug when I hear back from him.

  I chmod'ed /usr/bin/disable-paste 755 and I had no problems copy and
pasting among vc's etc.

  This is the entire disable-paste.c

#include <unistd.h>             /* execv */

static char* argv[] = {
  "gpm",
  "-A",
  "-q",
  0
};

int
main()
{
  execv(SBINDIR "/gpm", argv);
  exit(127);
}

Comment 2 Dale Lovelace 1999-05-28 13:07:59 UTC
Email from Ian Zimmerman <itz> (maintainer of gpm):

>   I am looking at /usr/bin/disable-paste in the gpm package which is
>   suid root. I am wondering what the need of setting this file suid
>   root is. Brief testing has shown no ill consequences from changing
>   this file to 755.

disable-paste has to be suid root because it exec's gpm with the -k
argument.  If run as a normal user, it won't crash and burn, but it
won't do anything else either (in particular, it won't do its job
which is to disable any existing kernel selection buffer until a new
selection is made).

--
Ian Zimmerman                         <itz>
Electing a quail for President might cause wierd affects,
such as school principles refusing to eat baked potatoe.

Comment 3 Chris Evans 1999-05-30 21:04:59 UTC
Sorry to reopen, but -- wrong.
Do this:

chmod -s `which disable-paste`

Now, as a non-root user, select some stuff in the console.
Now run the unprivileged disable-paste. And hey presto, the kernel
console paste buffer has been cleared. This proves that suid-root
privs are not required.

So please verify this finding and remove the suid bit in Rawhide.

Remember, disable-paste execs "gpm" as root, which inherits arbitrary
user environment variables, etc, so the risk is beyond the 10 lines of
code or so in "disable-paste" itself.

Comment 4 Jeff Johnson 1999-06-02 11:34:59 UTC
Fixed (by removing setuid) in gpm-1.17.5-5. Thanks for persisting.
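
Added example, not part of the bug report and not gpm's code: the fix here was to drop the setuid bit, but where a wrapper really must stay privileged, the environment inheritance raised in Comment 3 is closed by calling execve() with an explicit environment instead of execv(). The SBINDIR default, the fixed PATH and the TERM allowlist below are assumptions.

```c
#include <stddef.h>
#include <string.h>
#include <unistd.h>

#ifndef SBINDIR
#define SBINDIR "/usr/sbin"   /* assumption: the page does not give SBINDIR's value */
#endif

/* Assumed allowlist: the only caller-supplied variables the child may see. */
static const char *const keep[] = { "TERM", NULL };

/* Fill dst with a fixed PATH plus the first occurrence of each allowlisted
 * NAME=value entry found in src. Everything else the caller set is dropped.
 * Returns the number of entries written (not counting the terminating NULL),
 * or -1 if dst (capacity cap, including the NULL slot) is too small. */
int build_clean_env(char *const src[], char *dst[], size_t cap)
{
    size_t n = 0;
    if (cap < 2) return -1;
    dst[n++] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";   /* never the caller's PATH */
    for (size_t k = 0; keep[k]; k++) {
        size_t len = strlen(keep[k]);
        for (size_t i = 0; src && src[i]; i++) {
            /* Match the whole name: "TERM=" must not also admit "TERMCAP=". */
            if (strncmp(src[i], keep[k], len) == 0 && src[i][len] == '=') {
                if (n + 1 >= cap) return -1;
                dst[n++] = src[i];
                break;          /* ignore any later duplicate of this name */
            }
        }
    }
    dst[n] = NULL;
    return (int)n;
}

extern char **environ;

int main(void)
{
    static char *args[] = { "gpm", "-A", "-q", NULL };   /* argv from disable-paste.c */
    char *envp[8];
    if (build_clean_env(environ, envp, 8) < 0) return 127;
    execve(SBINDIR "/gpm", args, envp);   /* execv() would pass environ through unchanged */
    return 127;
}
```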

