After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 503005 - Possible security issue: notify feature allows leaking of the selection & clipboard
Possible security issue: notify feature allows leaking of the selection & cli...
Status: RESOLVED DUPLICATE of bug 482159
Product: gnome-screensaver
Classification: Deprecated
Component: dialog
unspecified
Other Linux
: Normal major
: ---
Assigned To: gnome-screensaver maintainers
gnome-screensaver maintainers
Depends on:
Blocks:
 
 
Reported: 2007-12-11 09:02 UTC by Sebastian Dröge (slomo)
Modified: 2007-12-12 18:25 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Sebastian Dröge (slomo) 2007-12-11 09:02:11 UTC
Quoting http://bugs.debian.org/455484 :

With the addition of the feature to send a message to the logged in user
when they return and unlock a locked session, this gives local attackers
the ability to read the X selection and clipboard buffers with a middle
click on the mouse and a Ctrl+V. I note that the box to leave a message
doesn't have a context menu that you could paste via, but it doesn't go
far enough.
Comment 1 Sebastien Bacher 2007-12-12 18:25:11 UTC
Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.


*** This bug has been marked as a duplicate of 482159 ***