From: Philipp Stephani
Newsgroups: gmane.emacs.devel
Subject: Re: X selection access in xterm (OSC 52)
Date: Fri, 17 Apr 2015 14:00:02 +0000
To: Stefan Monnier
Cc: Olaf Rogalsky, Emacs developers, Yuri Khan
Xref: news.gmane.org gmane.emacs.devel:185522

Stefan Monnier wrote on Fri., 17 Apr. 2015 at 15:52:

> > If I understand https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593,
> > this functionality was disabled by default on Debian-based systems for
> > security reasons.
>
> Ah, indeed I see in "man xterm" that allowWindowOps defaults to false
> and that disallowedWindowOps includes both GetSelection and SetSelection.
> If I try
>
>     xterm -xrm '*.allowWindowOps: true'
>
> Then things work.  Yay!
>
> I don't see why SetSelection would be a serious security issue (tho
> I guess if a program does the right SetSelection at the right time, you
> could end up pasting dangerous commands into a shell).
> For GetSelection, the problem can show up if you view "raw data" without
> going through a pager, but if your terminal is busy running Emacs you're
> safe ;-)

I think the attack vector is: you can trust SSH to not destroy or leak data on your machine, so you can SSH into arbitrary untrusted machines and run arbitrary programs there. This trust is broken if the program can initiate a read of the clipboard of the local machine (the clipboard could contain confidential information). So I can see why terminal emulator authors would want to disable/omit this function. Agreed that it wouldn't be an issue to support it on Emacs's side. I'll try to get my patch working.
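An added example, not code from the thread or from Emacs or xterm: a small Python scanner that finds OSC 52 sequences in captured terminal output and tells the SetSelection form (base64 payload) apart from the GetSelection query ("?"), which is the local-clipboard read Philipp's SSH scenario is about. The sample output bytes are constructed for this example.

```python
import base64
import re

# Constructed sample of terminal output (not from the original thread):
# a coloured status line, an OSC 52 "set clipboard" with base64 data,
# and an OSC 52 "?" query, i.e. a request to send the local selection back.
SAMPLE_OUTPUT = (
    b"\x1b[32mbuild ok\x1b[0m\n"
    b"\x1b]52;c;" + base64.b64encode(b"hello") + b"\x07"
    b"\x1b]52;c;?\x1b\\"
)

# OSC 52 is ESC ] 52 ; <selection> ; <data>, terminated by BEL or ST (ESC \).
# <data> is base64 text for SetSelection or a lone "?" for GetSelection.
OSC52_RE = re.compile(rb"\x1b\]52;([^;\x07\x1b]*);([^\x07\x1b]*)(?:\x07|\x1b\\)")


def classify_osc52(data: bytes) -> list[dict]:
    """Return one record per OSC 52 sequence found in a byte stream."""
    events = []
    for m in OSC52_RE.finditer(data):
        # xterm treats an empty selection parameter as "s0".
        selection = m.group(1).decode("ascii", "replace") or "s0"
        payload = m.group(2)
        if payload == b"?":
            events.append({"op": "GetSelection", "selection": selection, "text": None})
        else:
            try:
                text = base64.b64decode(payload, validate=True).decode("utf-8", "replace")
            except ValueError:  # malformed base64: still a write attempt, no text
                text = None
            events.append({"op": "SetSelection", "selection": selection, "text": text})
    return events


def has_clipboard_read(data: bytes) -> bool:
    """True if the stream asks the terminal to disclose the local selection."""
    return any(e["op"] == "GetSelection" for e in classify_osc52(data))
```

Run it over a session log (for example from `script`) to see whether a remote program ever asked for the local selection rather than only setting it; the distinction matches the two xterm window operations named in the thread.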