From: Philipp Stephani
Newsgroups: gmane.emacs.devel
Subject: Re: X selection access in xterm (OSC 52)
Date: Tue, 29 Mar 2016 10:15:57 +0000
To: Stefan Monnier
Cc: Olaf Rogalsky, Emacs developers, Yuri Khan

Philipp Stephani wrote on Fri, 17 Apr 2015 at 16:00:

> Stefan Monnier wrote on Fri, 17 Apr 2015 at 15:52:
>
>> > If I understand https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593,
>> > this functionality was disabled by default on Debian-based systems for
>> > security reasons.
>>
>> Ah, indeed I see in "man xterm" that allowWindowOps defaults to false
>> and that disallowedWindowOps includes both GetSelection and SetSelection.
>> If I try
>>
>>    xterm -xrm '*.allowWindowOps: true'
>>
>> Then things work.  Yay!
>>
>> I don't see why SetSelection would be a serious security issue (tho
>> I guess if a program does the right SetSelection at the right time, you
>> could end up pasting dangerous commands into a shell).
>> For GetSelection, the problem can show up if you view "raw data" without
>> going through a pager, but if your terminal is busy running Emacs you're
>> safe ;-)
>>
>
> I think the attack vector is: you can trust SSH to not destroy or leak
> data on your machine, so you can SSH into arbitrary untrusted machines and
> run arbitrary programs there. This trust is broken if the program can
> initiate a read of the clipboard of the local machine (the clipboard could
> contain confidential information). So I can see why terminal emulator
> authors would want to disable/omit this function. Agreed that it wouldn't
> be an issue to support it on Emacs's side. I'll try to get my patch working.
>

I don't recall what exactly happened after this discussion, but it seems
that the emacs-25 branch now has support for getSelection and setSelection.
Thanks.
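
An added example, not part of the original message and not code from Emacs or xterm: one way to check output captured from an untrusted session for the two OSC 52 operations discussed in the thread, and to strip them before the bytes reach a terminal. The sequence layout follows xterm's control-sequence documentation; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re

# OSC 52 per xterm's ctlseqs: ESC ] 52 ; Pc ; Pd  terminated by BEL or ESC \
# Pc = selection targets (e.g. "c" clipboard, "p" primary); Pd = "?" or base64.
OSC52 = re.compile(rb"\x1b\]52;([^;\x07\x1b]*);([^\x07\x1b]*)(?:\x07|\x1b\\)")


def classify(match):
    """Map one OSC 52 sequence to the xterm window op it would need."""
    targets = match.group(1).decode("ascii", "replace")
    data = match.group(2)
    if data == b"?":
        # The terminal would reply with the local selection: a read request.
        return {"op": "GetSelection", "targets": targets, "text": None}
    try:
        text = base64.b64decode(data, validate=True).decode("utf-8", "replace")
    except ValueError:
        # Per ctlseqs, a Pd that is neither "?" nor base64 clears the selection.
        text = ""
    return {"op": "SetSelection", "targets": targets, "text": text}


def scan(stream: bytes):
    """Return (findings, stream with every OSC 52 sequence removed)."""
    findings = [classify(m) for m in OSC52.finditer(stream)]
    return findings, OSC52.sub(b"", stream)


# Constructed sample: bytes as they might be logged from a remote session.
SAMPLE = (
    b"total 4\r\n"
    b"\x1b]52;c;?\x07"  # asks the terminal for the local clipboard
    b"\x1b]52;p;" + base64.b64encode(b"echo hi\n") + b"\x1b\\"  # sets primary
    + b"-rw-r--r-- 1 u u 0 notes.txt\r\n"
)

if __name__ == "__main__":
    found, clean = scan(SAMPLE)
    for finding in found:
        print(finding)
    print(clean)
```
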

