https://bugs.kde.org/show_bug.cgi?id=275442
Sybren Stüvel <syb...@stuvel.eu> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|WONTFIX |---
CC| |syb...@stuvel.eu
Status|RESOLVED |REOPENED
--- Comment #2 from Sybren Stüvel <syb...@stuvel.eu> ---
This is not just dangerous when the password was copied. Any information that
is leaked by the lock screen is potentially dangerous. Note that middle-mouse
also works, which means that anything that was selected before locking is
obtainable from the lock screen. This can include any private information, such
as emails, credit card information, etc.
@Martin Flöser: The objections you have to clearing the clipboard prior to
locking are of course valid. However, this is just one of the ways to solve
this issue. Another way would be to capture middle-mouse (and other
paste-events) in the one leaky password input box and explicitly ignore them.
Here is an example on how to do this:
https://forum.qt.io/topic/30162/how-disable-copy-and-paste-on-qlineedit/2.
Alternatively, since QLineEdit already has the ability to allow/disallow
undo/redo, the Qt developers would be open to add a similar flag to
allow/disallow copy/paste.
Note that this is still an issue in 2018 and kscreenlocker 5.10.5.1-0ubuntu2.
--
You are receiving this mail because:
You are watching all bug changes.
