Summary: | Security issues with auto enabled clipboard history. | ||
---|---|---|---|
Product: | [Plasma] plasmashell | Reporter: | Claus Nomi <senoraraton> |
Component: | Clipboard widget & pop-up | Assignee: | Plasma Bugs List <plasma-bugs> |
Status: | RESOLVED INTENTIONAL | ||
Severity: | wishlist | CC: | goodaqua, ilikefoss, nate, voidpointertonull+bugskdeorg |
Priority: | NOR | ||
Version First Reported In: | 6.0.5 | ||
Target Milestone: | 1.0 | ||
Platform: | Other | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: |
Description
Claus Nomi
2024-06-14 07:31:07 UTC
It's intended that the feature is on by default because remembering recent clipboard history is genuinely useful—a big productivity booster. If you leave your screen unlocked in a security-sensitive environment, any personal data in the clipboard history is the least of your concern; an attacker has full access to all the rest of your files and personal data too. So ensure that screen locking after inactivity hasn't been turned off (it is on by default) and remember to manually lock the screen if you leave the computer unattended and don't want to wait for the inactivity timer to fire and lock the screen. *** Bug 501030 has been marked as a duplicate of this bug. *** I disagree that the default should be opt-in instead of opt-out! As Nate said, this is very useful feature that a lot of us need. Though a few changes to improve the security and awareness could be made: 1. Make it keep all copied things in memory (meaning in RAM only) by default, so if will not survive between reboots of if there's a sudden power loss or a forced shutdown. 2. When something is copied to the clipboard, make that "Clipboard contents" widget icon change color o wiggle for a second so more new users are aware that for the time of the session the copied stuff can be found there. What should be opt-in: 1. Saving the database to disk instead of the RAM memory. 2. Keeping the clipboard history between reboots. |