Hi.

First.... gpm has no bug tracker right? So could you please CC the Debian bug, so that we can record all this at some central place? :)

On Thu, 2012-06-14 at 11:06 +0200, Jan Lieskovsky wrote:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677418

I've updated some information there: Mainly that I think that ideally, a clipboard should be kept per logged in user (and obviously each user should only get access to "his" clipboard). This includes, that a user's clipboard is removed once he has logged out from all his sessions. It does not mean, that there should be a clipboard for each terminal of a user.

> Have tested the reported behaviour in two different subcases:
> 1) try just two tabs, under each one of them logged in as different
> user (under first one as 'root', under another as common, unprivileged
> user). In this case the described behaviour works (IOW area selected
> by root is paste-able by unprivileged user).

Note that this is of course not only a security hole between root/user-A but also between user-A/user-B situations.

> But I would not consider this to be a trust boundary cross (security
> issue). If you can login as root to some system, the fact that when
> you log in to the same host as unprivileged user within the same application
> isn't such a big deal.

I can't understand why you think this... especially on multi-user systems it IS absolutely critical. The system could be some terminal computer where people from many different places can access a console.

> 2) but tried also KDE's konsole vs Gnome's gnome-terminal (being logged in
> as root in KDE's konsole, later login as unprivileged user to the same
> host via gnome-terminal and try to paste the content). It still allowed
> the unprivileged user to see the content of selected root area (content
> of clipboard).

I don't exactly understand what you did there... gpm shouldn't work within X at all, should it?

> You think it should be considered a security issue or not?
> (IMHO gpm
> should use separated clipboard for each of the users, so it would not
> be possible one user to see the clipboards content of the other)

See my comments above, that go even a bit further...

Obviously session tracking would complicate things a bit,... one could e.g. use consolekit for this, but that may be an unwanted dependency.

From a "theoretical" security point of view, there should be no strict need, to clear a user's clipboard when all his sessions are logged out. Because an attacker that gains access to this (and could therefore read the clipboard on subsequent re-logins) could probably also install key-loggers or so. But it may be helpful on systems where multiple persons share one account (in theory each person should have its own account, which is why I wrote "theoretical" above)... and it's also the behaviour of X' clipboard.

Cheers,
Chris.