Bug 489276 - [Leave message] Cancel button should clean clipboard buffer
[Leave message] Cancel button should clean clipboard buffer
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: gnome-screensaver (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: jmccann
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-03-09 05:51 EDT by Michal Nowak
Modified: 2015-01-14 18:22 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-03-11 11:13:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
GNOME Desktop 574896 None None None Never

  None (edit)
Description Michal Nowak 2009-03-09 05:51:22 EDT
Description of problem:

When leaving message via gnome-screensaver the clipboard buffer persist closure of the "Leave message" dialog, but only when the procedure of posting the message is interrupted via "Cancel" button. The "Save" button does the mock up.

Version-Release number of selected component (if applicable):

gnome-screensaver-2.25.2-6.fc11.x86_64

How reproducible:

always

Steps to Reproduce:
1. Lock the screen, GNOME Screensaver will pop up
2. Hit "Leave message"
3. Write something, select it, copy to clipboard via Control+C
4. Hit "Cancel"
5. Hit "Leave message"
6. Press Control+P
  
Actual results:

The buffer from previous editing is pasted.

Expected results:

Buffer is cleared on "Cancel" hit.

Additional info:

The user who did Control+C could be potentially different from the one who pressed Control+P and (parts of) the information sent to the "locked" user might be revealed.

After hitting "Cancel" in the "unlock" screen itself, not in the "Leave message" dialog, the clipboard buffer is cleared OK.

Not sure whether it has any security implications, or whether is it a bug at all -- reporting just for the sake of being on the safer side and leaving on your consideration.
Comment 1 Vincent Danen 2009-03-10 17:22:05 EDT
It seems like there have been (and currently are) some issues with gnome-screensaver and clipboard buffer handling.  See:

http://bugzilla.gnome.org/show_bug.cgi?id=482159

and:

http://bugzilla.gnome.org/show_bug.cgi?id=564165

Since this is pretty public, I wouldn't classify this as security sensitive.  Granted, this is slightly different, but I would consider this as one of those "don't do it" type things (and of a much lesser severity than the previous issues).  There really is no reason for someone leaving a message to paste anything to the clipboard.  I would be more worried if copying from the clipboard revealed the actual locked user's clipboard contents or if pasting to the clipboard in gnome-screensaver stayed in the user's clipboard once they unlock the screen.

I think definitely think this is a bug, but I would recommend filing it upstream.  I agree, the clipboard buffer contents should be cleared whether or not they hit "save" or "cancel".

Did you want to file this upstream?
Comment 2 Michal Nowak 2009-03-11 04:31:19 EDT
Agree. Filled upstream, thanks for triage.
Comment 3 Vincent Danen 2009-03-11 11:13:37 EDT
No problem.

I'm going to close this issue then.

Note You need to log in before you can comment on or make changes to this bug.