Philipp Stephani schrieb am Fr., 17. Apr. 2015 um 16:00 Uhr: > Stefan Monnier schrieb am Fr., 17. Apr. 2015 > um 15:52 Uhr: > >> > If I understand >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593, >> > this functionality was disabled by default on Debian-based systems for >> > security reasons. >> >> Ah, indeed I see in "man xterm" that allowWindowOps defaults to false >> and that disallowedWindowOps includes both GetSelection and SetSelection. >> If I try >> >> xterm -xrm '*.allowWindowOps: true' >> >> Then things work. Yay! >> >> I don't see why SetSelection would be a serious security issue (tho >> I guess if a program does the right SetSelection at the right time, you >> could end up pasting dangerous commands into a shell). >> For GetSelection, the problem can show up if you view "raw data" without >> going though a pager, but if your terminal is busy running Emacs you're >> safe ;-) >> > > I think the attack vector is: you can trust SSH to not destroy or leak > data on your machine, so you can SSH into arbitrary untrusted machines and > run arbitrary programs there. This trust is broken if the program can > initiate a read of the clipboard of the local machine (the clipboard could > contain confidential information). So I can see why terminal emulator > authors would want to disable/omit this function. Agreed that it wouldn't > be an issue to support it on Emacs's side. I'll try to get my patch working. > I don't recall what exactly happened after this discussion, but it seems that the emacs-25 branch now has support for getSelection and setSelection. Thanks.