Philipp Stephani
schrieb am Fr., 17. Apr. 2015 um
16:00 Uhr:
> Stefan Monnier schrieb am Fr., 17. Apr. 2015
> um 15:52 Uhr:
>
>> > If I understand
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593,
>> > this functionality was disabled by default on Debian-based systems for
>> > security reasons.
>>
>> Ah, indeed I see in "man xterm" that allowWindowOps defaults to false
>> and that disallowedWindowOps includes both GetSelection and SetSelection.
>> If I try
>>
>> xterm -xrm '*.allowWindowOps: true'
>>
>> Then things work. Yay!
>>
>> I don't see why SetSelection would be a serious security issue (tho
>> I guess if a program does the right SetSelection at the right time, you
>> could end up pasting dangerous commands into a shell).
>> For GetSelection, the problem can show up if you view "raw data" without
>> going though a pager, but if your terminal is busy running Emacs you're
>> safe ;-)
>>
>
> I think the attack vector is: you can trust SSH to not destroy or leak
> data on your machine, so you can SSH into arbitrary untrusted machines and
> run arbitrary programs there. This trust is broken if the program can
> initiate a read of the clipboard of the local machine (the clipboard could
> contain confidential information). So I can see why terminal emulator
> authors would want to disable/omit this function. Agreed that it wouldn't
> be an issue to support it on Emacs's side. I'll try to get my patch working.
>
I don't recall what exactly happened after this discussion, but it seems
that the emacs-25 branch now has support for getSelection and setSelection.
Thanks.