[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: X selection access in xterm (OSC 52)

From: Philipp Stephani
Subject: Re: X selection access in xterm (OSC 52)
Date: Tue, 29 Mar 2016 10:15:57 +0000

Philipp Stephani <address@hidden> schrieb am Fr., 17. Apr. 2015 um 16:00 Uhr:
Stefan Monnier <address@hidden> schrieb am Fr., 17. Apr. 2015 um 15:52 Uhr:
> If I understand https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593,
> this functionality was disabled by default on Debian-based systems for
> security reasons.

Ah, indeed I see in "man xterm" that allowWindowOps defaults to false
and that disallowedWindowOps includes both GetSelection and SetSelection.
If I try

   xterm -xrm '*.allowWindowOps: true'

Then things work.  Yay!

I don't see why SetSelection would be a serious security issue (tho
I guess if a program does the right SetSelection at the right time, you
could end up pasting dangerous commands into a shell).
For GetSelection, the problem can show up if you view "raw data" without
going though a pager, but if your terminal is busy running Emacs you're
safe ;-)

I think the attack vector is: you can trust SSH to not destroy or leak data on your machine, so you can SSH into arbitrary untrusted machines and run arbitrary programs there. This trust is broken if the program can initiate a read of the clipboard of the local machine (the clipboard could contain confidential information). So I can see why terminal emulator authors would want to disable/omit this function. Agreed that it wouldn't be an issue to support it on Emacs's side. I'll try to get my patch working.

I don't recall what exactly happened after this discussion, but it seems that the emacs-25 branch now has support for getSelection and setSelection. Thanks. 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]