rickyrockrat / parcellite

GNU General Public License v3.0

Clipboard passwords exposed in ~/.xsession-errors log. #53

Closed kyrian666 closed 3 years ago

kyrian666 commented 3 years ago

Hi,

In my hunt for a clipboard manager that works properly and well while synchronising clipboards, so I can cut and paste nicely out of my secure password database, and into applications I need them in, I tried out parcellite for a while.

I immediately stopped and tried out another one when, to my horror, I saw this in my ~/.xsession-errors log file:

xdotool:'/bin/sh -c 'xdotool mousedown 2 && xdotool mouseup 2'' text: <my raw password>

Now maybe I am using it wrong, or maybe I am an idiot for expecting a password manager to only transiently store any data anywhere by default, but for your password to be stored in a persistent log file like that, in full, and in clear text, without it being made abundantly clear this would happen somewhere along the way, that strikes me as an oversight, a bug, or at least an 'issue'.

Just glancing at my workstation I see that ~/.xsession-errors is at least persisted as ~/.xsession-errors.old at your next session, if not longer perhaps in some distributions/setups.

K.

PS.

$ parcellite --version
Flag 0x0001, status 0, EXIT 1 STAT 0
Parcellite svn, GTK 2.24.32
$ lsb_release -a
No LSB modules are available.
Distributor ID: Linuxmint
Description: Linux Mint 20
Release: 20
Codename: ulyana
$

rickyrockrat commented 3 years ago

It is a feature, and was asked for by users. That feature has to be enabled - I don't believe it comes enabled at start. Also the history is persistent across boots, also something most users want in a clipboard manager. Cutting and pasting passwords is insecure and if you are concerned someone is snooping on your passwords, do not use cut and paste. Nothing in this path is secure (and that path includes the X clipboard mechanism).
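
A cleanup for the log line reported in this issue, added here as an example; it is not parcellite code and not written by either commenter. The function names and the `[REDACTED]` marker are assumptions, and the line pattern is inferred from the single log line quoted in the report.

```python
import os
import re
import sys
from pathlib import Path

# Line shape from the report: xdotool:'<command>' text: <clipboard contents>
# The non-greedy match splits at the first "' text: ", so everything after it
# is masked even if the clipboard contents repeat that delimiter.
LEAK = re.compile(r"^(xdotool:'.*?' text: )(.*)$")
MASK = "[REDACTED]"  # constructed marker, not something parcellite writes


def redact(text):
    """Return (cleaned_text, hits) with each logged clipboard payload masked.

    Limitation: only the line carrying the prefix is masked; continuation
    lines of a multi-line payload have no prefix and are not detected.
    """
    out, hits = [], 0
    for line in text.split("\n"):
        m = LEAK.match(line)
        if m and m.group(2) != MASK:  # skip lines already masked
            hits += 1
            line = m.group(1) + MASK
        out.append(line)
    return "\n".join(out), hits


def scrub_file(path):
    """Mask leaked payloads in one log file in place; return the hit count."""
    path = Path(path)
    if not path.is_file():
        return 0
    cleaned, hits = redact(path.read_text(errors="surrogateescape"))
    if hits:
        path.write_text(cleaned, errors="surrogateescape")
    os.chmod(path, 0o600)  # keep the log unreadable to other local users
    return hits


if __name__ == "__main__":
    # Paths named in the issue; pass others as arguments if your setup differs.
    home = Path.home()
    targets = sys.argv[1:] or [home / ".xsession-errors",
                               home / ".xsession-errors.old"]
    for target in targets:
        print(f"{target}: {scrub_file(target)} line(s) redacted")
```

This only masks the session log; the maintainer's reply notes that parcellite's history is also persistent across boots, and this script does not touch it.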