[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X selection access in xterm (OSC 52)

From: Stefan Monnier
Subject: Re: X selection access in xterm (OSC 52)
Date: Fri, 17 Apr 2015 09:52:30 -0400
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.50 (gnu/linux)

> If I understand https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593,
> this functionality was disabled by default on Debian-based systems for
> security reasons.

Ah, indeed I see in "man xterm" that allowWindowOps defaults to false
and that disallowedWindowOps includes both GetSelection and SetSelection.
If I try

   xterm -xrm '*.allowWindowOps: true'

Then things work.  Yay!

I don't see why SetSelection would be a serious security issue (tho
I guess if a program does the right SetSelection at the right time, you
could end up pasting dangerous commands into a shell).
For GetSelection, the problem can show up if you view "raw data" without
going though a pager, but if your terminal is busy running Emacs you're
safe ;-)

Hmm... these WindowOps really need to be fixed.  E.g. they could require
a secret key (à la xauth), so an attacker wouldn't be able to send the
right command.  But of course, that can't be fixed on Emacs's side.


> Philipp Stephani <address@hidden> schrieb am Fr., 17. Apr. 2015 um
> 08:25 Uhr:

>> Maybe something needs to be enabled? The documentation says "These
>> controls may be disabled using the allowWindowOps resource." I'll try it
>> today.
>> Stefan Monnier <address@hidden> schrieb am Fr., 17. Apr. 2015
>> um 04:40 Uhr:
>>> Is that normal?  Do you guys see the same?  I'm using Debian's "xterm"
>>> package version 312-2, for what it's worth.
>>> Stefan
>>> >>>>> "Stefan" == Stefan Monnier <address@hidden> writes:
>>> >>> Yes, I took a look and I'll work on integrating the paste
>>> functionality.
>>> >>> Since cut and paste are mostly independent of each other, maybe you
>>> could
>>> >>> already integrate the cut patch?
>>> >> I just installed it (after adding a ChangeLog, and although it still
>>> >> lacks an etc/NEWS entry).
>>> > BTW, I can't seem to make this feature work for me.  I do:
>>> >    emacs -Q -nw
>>> >    M-x trace-function RET xterm--set-selection RET
>>> >    C-SPC M-f M-f M-f M-w
>>> >    <go to a previously running Emacs session in GUI mode>
>>> >    C-y
>>> > and instead of getting the three words from *scratch*, I get whatever
>>> > was already there before in the clipboard.  Yet, the trace buffer shows
>>> > that xterm--set-selection was called alright (and edebugging it also
>>> > indicates that it seems to be doing what it should).
>>> >         Stefan

reply via email to

[Prev in Thread] Current Thread [Next in Thread]