Should not allow to paste in the Leave Message box

Bug #146862 reported by Josh Smith on 2007-09-29
Affects Status Importance Assigned to Milestone
GNOME Screensaver
Fix Released
gnome-screensaver (Ubuntu)
Ubuntu Desktop Bugs

Bug Description

Binary package hint: gnome-screensaver

Pressing Ctrl+V while leaving a message pastes the contents of the clipboard. As the session is locked, should potentially anybody be able to see what's on your clipboard?

Pedro Villavicencio (pedro) wrote :

Thanks for your bug report. This bug has been reported to the developers of the software. You can track it and make comments here:

Changed in gnome-screensaver:
assignee: nobody → desktop-bugs
importance: Undecided → Medium
status: New → Triaged
Changed in gnome-screensaver:
status: Unknown → New
John Dong (jdong) wrote :

I marked this as a security bug, which IMO it is. This breaches the privacy of anything on your mouse-paste or copy-paste buffer to any arbitrary person walking by.

Changed in gnome-screensaver:
status: New → Confirmed
Changed in gnome-screensaver:
status: Confirmed → Fix Released
Pedro Villavicencio (pedro) wrote :

Fixed upstream, thanks you!.

Changed in gnome-screensaver:
status: Triaged → Fix Committed
Sebastien Bacher (seb128) wrote :

the bug is fixed in hardy

Changed in gnome-screensaver:
status: Fix Committed → Fix Released
Changed in gnome-screensaver:
importance: Unknown → Critical
Michael Thayer (michael-thayer) wrote :

I would like to draw attention to this issue again. The fix which was created is somewhat problematic, as it causes clipboard content to be lost when the screensaver password screen is shown. Relevant to me is that when that screen is shown in an Ubuntu guest in VirtualBox using clipboard sharing it causes the host clipboard contents to be lost. The original problem which the fix solved no longer exists, since the "leave a message" functionality in gnome-screensaver is long gone, but the upstream GNOME developers do not seem interested in reverting the fix, as gnome-screensaver is only used by Ubuntu at this point and is deprecated upstream. Would it be possible then for you to make that change in Ubuntu?

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.