[Pkg-utopia-maintainers] Bug#677418: Due Debian bug #677418 -- gpm sharing clipboard between different users
Samuel Thibault
sthibault at debian.org
Mon Jul 9 21:50:35 UTC 2012
Christoph Anton Mitterer, le Mon 09 Jul 2012 20:28:55 +0000, a écrit :
> On Tue, 2012-07-03 at 15:21 -0300, Samuel Thibault wrote:
> > gpm does not implement the paste functionality, it's all handled in the
> > kernel. gpm only calls ioctl(TIOCLINUX) to set the selection (by only
> > giving the coordinates!), and make the kernel paste.
> Well... but in principle there must be some way for it to control
> pasting, as pasting doesn't work when gpm is not running...
As said above: when it receives a mouse click, it uses ioctl(TIOCLINUX)
to make the kernel paste. But it doesn't even know what is being pasted.
> > Not allowing cross-user copy/paste would be a big regression. I use it
> > quite often for instance.
> Ok,... I also use it,... but nevertheless it's a security hole.
> You could argue the same way that all user share a common X.org
> clipboard - just because it's handy.
>
> A "solution" might be to add a configuration option, that allows
> cross-user copy/pasting... but that should then be disabled per default,
> IMHO.
I wonder who will ever notice and enable it.
> > Clearing the selection when nobody is logged any more, however, should
> > be fine. As long as a user is logged in, if somebody else comes over
> > the keyboard he'll be able to do other nasty things anyway.
> As mentioned before several times:
I haven't seen that mentioned in this thread.
> don't think that limited, that console access always means begin
> directly at the hardware with a keyboard... just think about serial
> console via some network adapters...
These don't matter here: unless they are the same as some of the users
logged into the keyboard console, they don't have any access to the
keyboard console, and thus not to the copy/paste buffer either.
Samuel
More information about the Pkg-utopia-maintainers
mailing list