Bug 489276 - [Leave message] Cancel button should clean clipboard buffer
Summary: [Leave message] Cancel button should clean clipboard buffer
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: gnome-screensaver
Version: rawhide
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: jmccann
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-03-09 09:51 UTC by Michal Nowak
Modified: 2015-01-14 23:22 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-03-11 15:13:37 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
GNOME Bugzilla 574896 0 None None None Never

Description Michal Nowak 2009-03-09 09:51:22 UTC
Description of problem:

When leaving message via gnome-screensaver the clipboard buffer persist closure of the "Leave message" dialog, but only when the procedure of posting the message is interrupted via "Cancel" button. The "Save" button does the mock up.

Version-Release number of selected component (if applicable):

gnome-screensaver-2.25.2-6.fc11.x86_64

How reproducible:

always

Steps to Reproduce:
1. Lock the screen, GNOME Screensaver will pop up
2. Hit "Leave message"
3. Write something, select it, copy to clipboard via Control+C
4. Hit "Cancel"
5. Hit "Leave message"
6. Press Control+P
  
Actual results:

The buffer from previous editing is pasted.

Expected results:

Buffer is cleared on "Cancel" hit.

Additional info:

The user who did Control+C could be potentially different from the one who pressed Control+P and (parts of) the information sent to the "locked" user might be revealed.

After hitting "Cancel" in the "unlock" screen itself, not in the "Leave message" dialog, the clipboard buffer is cleared OK.

Not sure whether it has any security implications, or whether is it a bug at all -- reporting just for the sake of being on the safer side and leaving on your consideration.

Comment 1 Vincent Danen 2009-03-10 21:22:05 UTC
It seems like there have been (and currently are) some issues with gnome-screensaver and clipboard buffer handling.  See:

http://bugzilla.gnome.org/show_bug.cgi?id=482159

and:

http://bugzilla.gnome.org/show_bug.cgi?id=564165

Since this is pretty public, I wouldn't classify this as security sensitive.  Granted, this is slightly different, but I would consider this as one of those "don't do it" type things (and of a much lesser severity than the previous issues).  There really is no reason for someone leaving a message to paste anything to the clipboard.  I would be more worried if copying from the clipboard revealed the actual locked user's clipboard contents or if pasting to the clipboard in gnome-screensaver stayed in the user's clipboard once they unlock the screen.

I think definitely think this is a bug, but I would recommend filing it upstream.  I agree, the clipboard buffer contents should be cleared whether or not they hit "save" or "cancel".

Did you want to file this upstream?

Comment 2 Michal Nowak 2009-03-11 08:31:19 UTC
Agree. Filled upstream, thanks for triage.

Comment 3 Vincent Danen 2009-03-11 15:13:37 UTC
No problem.

I'm going to close this issue then.


Note You need to log in before you can comment on or make changes to this bug.