New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hide the contents of clipboard from the systemd service logs #49
Conversation
Add CM_PRIVACY (default: 1) that hides any clipboard content from standard output.
Hey there! I'm not super convinced that this is a security matter since systemd journal logs are permissioned off per-user anyway. If the user is root, they could also just as well be reading the tmpdir that stores the clipboard contents. I do however agree that the spam is not necessary in normal usage. I think it probably makes sense to gate this behind |
I agree this is a security/privacy issue because it could cause the clipboard contents to persist far longer then intended. Systemd logs might go into a backup that persist for a quite a long time-- not what I would expect for clipboard history. I agree with the idea that the clipboard contents should stay out of the log files unless debug mode is enabled. |
I'm running the latest version from Git and I still see clipboard entries in my systemd journal when running
There are also the warnings or errors about /dev/stderr (On Ubuntu 17.10), but it seems work despite those. |
I'm not sure if this issue happens all the time, or only when /dev/stderr can't be read. Perhaps in debug mode it would be better to not send this output to /dev/null, since it might be helpful for diagnostics.
35a3cb2 should fix your problems with /dev/stderr. As for writing out the selection... I'm not sure what's causing that and can't repro with the develop branch. Can you show me these while running with |
@cdown With the last patch, I still get the same kind of error, it's just about not being able to find I ran with
Are you testing with the |
If the user uses the provided clipmenud.service unit, the systemd logs will contain a permanent list of all the previous contents of the clipboards. This is because the content is printed to standard out every time something new is copied and systemd logs standard out for services.
I implemented an option to clipmenud that disables printing the actual contents from the clipboard to standard out. I also added the environment variable to the systemd service unit file, to make sure it is active. Please give me feedback on anything you want to change, such as if this "privacy mode" should be default on or off. I left it on by default, but it's of course possible to have it off by default and have the systemd unit start with it either way.