[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: X selection access in xterm (OSC 52)
|
From: |
Stefan Monnier |
|
Subject: |
Re: X selection access in xterm (OSC 52) |
|
Date: |
Fri, 17 Apr 2015 09:52:30 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux) |
> If I understand https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593,
> this functionality was disabled by default on Debian-based systems for
> security reasons.
Ah, indeed I see in "man xterm" that allowWindowOps defaults to false
and that disallowedWindowOps includes both GetSelection and SetSelection.
If I try
xterm -xrm '*.allowWindowOps: true'
Then things work. Yay!
I don't see why SetSelection would be a serious security issue (tho
I guess if a program does the right SetSelection at the right time, you
could end up pasting dangerous commands into a shell).
For GetSelection, the problem can show up if you view "raw data" without
going though a pager, but if your terminal is busy running Emacs you're
safe ;-)
Hmm... these WindowOps really need to be fixed. E.g. they could require
a secret key (à la xauth), so an attacker wouldn't be able to send the
right command. But of course, that can't be fixed on Emacs's side.
Stefan
> Philipp Stephani <address@hidden> schrieb am Fr., 17. Apr. 2015 um
> 08:25 Uhr:
>> Maybe something needs to be enabled? The documentation says "These
>> controls may be disabled using the allowWindowOps resource." I'll try it
>> today.
>>
>> Stefan Monnier <address@hidden> schrieb am Fr., 17. Apr. 2015
>> um 04:40 Uhr:
>>
>>> Is that normal? Do you guys see the same? I'm using Debian's "xterm"
>>> package version 312-2, for what it's worth.
>>>
>>>
>>> Stefan
>>>
>>>
>>> >>>>> "Stefan" == Stefan Monnier <address@hidden> writes:
>>>
>>> >>> Yes, I took a look and I'll work on integrating the paste
>>> functionality.
>>> >>> Since cut and paste are mostly independent of each other, maybe you
>>> could
>>> >>> already integrate the cut patch?
>>> >> I just installed it (after adding a ChangeLog, and although it still
>>> >> lacks an etc/NEWS entry).
>>>
>>> > BTW, I can't seem to make this feature work for me. I do:
>>>
>>> > emacs -Q -nw
>>> > M-x trace-function RET xterm--set-selection RET
>>> > C-SPC M-f M-f M-f M-w
>>> > <go to a previously running Emacs session in GUI mode>
>>> > C-y
>>>
>>> > and instead of getting the three words from *scratch*, I get whatever
>>> > was already there before in the clipboard. Yet, the trace buffer shows
>>> > that xterm--set-selection was called alright (and edebugging it also
>>> > indicates that it seems to be doing what it should).
>>>
>>>
>>> > Stefan
>>>
>>
- Re: X selection access in xterm (OSC 52), Philipp Stephani, 2015/04/08
- Re: X selection access in xterm (OSC 52), Stefan Monnier, 2015/04/08
- Re: X selection access in xterm (OSC 52), Philipp Stephani, 2015/04/09
- Re: X selection access in xterm (OSC 52), Stefan Monnier, 2015/04/13
- Re: X selection access in xterm (OSC 52), Stefan Monnier, 2015/04/13
- Re: X selection access in xterm (OSC 52), Stefan Monnier, 2015/04/16
- Re: X selection access in xterm (OSC 52), Philipp Stephani, 2015/04/17
- Re: X selection access in xterm (OSC 52), Philipp Stephani, 2015/04/17
- Re: X selection access in xterm (OSC 52),
Stefan Monnier <=
- Re: X selection access in xterm (OSC 52), Philipp Stephani, 2015/04/17