Description of problem: When leaving message via gnome-screensaver the clipboard buffer persist closure of the "Leave message" dialog, but only when the procedure of posting the message is interrupted via "Cancel" button. The "Save" button does the mock up. Version-Release number of selected component (if applicable): gnome-screensaver-2.25.2-6.fc11.x86_64 How reproducible: always Steps to Reproduce: 1. Lock the screen, GNOME Screensaver will pop up 2. Hit "Leave message" 3. Write something, select it, copy to clipboard via Control+C 4. Hit "Cancel" 5. Hit "Leave message" 6. Press Control+P Actual results: The buffer from previous editing is pasted. Expected results: Buffer is cleared on "Cancel" hit. Additional info: The user who did Control+C could be potentially different from the one who pressed Control+P and (parts of) the information sent to the "locked" user might be revealed. After hitting "Cancel" in the "unlock" screen itself, not in the "Leave message" dialog, the clipboard buffer is cleared OK. Not sure whether it has any security implications, or whether is it a bug at all -- reporting just for the sake of being on the safer side and leaving on your consideration.
It seems like there have been (and currently are) some issues with gnome-screensaver and clipboard buffer handling. See: http://bugzilla.gnome.org/show_bug.cgi?id=482159 and: http://bugzilla.gnome.org/show_bug.cgi?id=564165 Since this is pretty public, I wouldn't classify this as security sensitive. Granted, this is slightly different, but I would consider this as one of those "don't do it" type things (and of a much lesser severity than the previous issues). There really is no reason for someone leaving a message to paste anything to the clipboard. I would be more worried if copying from the clipboard revealed the actual locked user's clipboard contents or if pasting to the clipboard in gnome-screensaver stayed in the user's clipboard once they unlock the screen. I think definitely think this is a bug, but I would recommend filing it upstream. I agree, the clipboard buffer contents should be cleared whether or not they hit "save" or "cancel". Did you want to file this upstream?
Agree. Filled upstream, thanks for triage.
No problem. I'm going to close this issue then.