[Bug 690514] New: pinentry-{gtk2,qt4} doesn't allow copy&paste
https://bugzilla.novell.com/show_bug.cgi?id=690514 https://bugzilla.novell.com/show_bug.cgi?id=690514#c0 Summary: pinentry-{gtk2,qt4} doesn't allow copy&paste Classification: openSUSE Product: openSUSE 11.4 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Other AssignedTo: puzel@novell.com ReportedBy: lnussel@novell.com QAContact: qa@suse.de Found By: --- Blocker: --- The graphical pinentry programs don't allow to paste a passphrase via middle mouse. I got a document symmetrically encrypted with a 64 byte random string. That's impossible to type in... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=690514 https://bugzilla.novell.com/show_bug.cgi?id=690514#c Petr Uzel <puzel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED Status Whiteboard| |pinentry -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=690514 https://bugzilla.novell.com/show_bug.cgi?id=690514#c1 Petr Uzel <puzel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |lnussel@novell.com --- Comment #1 from Petr Uzel <puzel@novell.com> 2011-04-29 13:07:47 UTC --- Inability to copy&paste to pinentry-{qt?,gtk*} is intentional upstream security feature. It's debatable whether this actually increases the security of the system, but I doubt we can convince upstream to allow pasting. I've seen a patch for pinentry-qt4 that allows pasting, but afaics none of the major distributions picked it. I'm also reluctant to differ from upstream pinentry in this respect. Your opinion? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=690514 https://bugzilla.novell.com/show_bug.cgi?id=690514#c2 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |security-team@suse.de InfoProvider|lnussel@novell.com | --- Comment #2 from Ludwig Nussel <lnussel@novell.com> 2011-04-29 15:16:58 CEST --- I don't see any security gain from disallowing copy&paste. What's the threat this is supposed to protect against? Personally I don't even know most of my passwords so I'm copy&pasting random generated strings all the time. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=690514 https://bugzilla.novell.com/show_bug.cgi?id=690514#c3 --- Comment #3 from Petr Uzel <puzel@novell.com> 2011-04-29 13:56:50 UTC --- (In reply to comment #2)
I don't see any security gain from disallowing copy&paste. What's the threat this is supposed to protect against?
Originally, my impression was that even displaying the password on the screen and copying it to X clipboard might pose a security risk (yes, nothing pinentry could protect against anyway). OTOH, on second thought, if some process has access to X clipboard, it has probably also other ways of getting to the password and also inability to use 'too-long-to-type-in' passwords won't improve security. Just checked kdesu and gnomesu and both allow pasting. IOW, I'm convinced ;) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=690514 https://bugzilla.novell.com/show_bug.cgi?id=690514#c5 Vitezslav Cizek <vcizek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vcizek@suse.com Severity|Major |Enhancement --- Comment #5 from Vitezslav Cizek <vcizek@suse.com> 2011-09-16 15:21:46 CEST --- I've made patches for the qt4 and the gtk-2 versions that allow pasting from the clipboard. The gtk-2 version currently doesn't support paste with middle mouse button click. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=690514 https://bugzilla.novell.com/show_bug.cgi?id=690514#c6 --- Comment #6 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-09-19 11:00:16 CEST --- This is an autogenerated message for OBS integration: This bug (690514) was mentioned in https://build.opensuse.org/request/show/83381 Factory / pinentry -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=690514 https://bugzilla.novell.com/show_bug.cgi?id=690514#c7 Vitezslav Cizek <vcizek@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #7 from Vitezslav Cizek <vcizek@suse.com> 2011-09-19 13:04:27 CEST --- On its way to factory, closing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com