From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Philipp Stephani Newsgroups: gmane.emacs.bugs Subject: bug#36879: 26.2; OSC 52 paste in term/xterm.el not working Date: Thu, 15 Aug 2019 21:32:27 +0200 Message-ID: References: <87lfwecfb7.fsf@mini.la.casa> <877e7tqr5w.fsf@mini.la.casa> <5E410D26-8917-4291-8202-C28FAE1CD0B2@acm.org> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="57946"; mail-complaints-to="usenet@blaine.gmane.org" Cc: Philipp Stephani , Daniel =?UTF-8?Q?Ekl=C3=B6f?= , Stefan Monnier , 36879@debbugs.gnu.org To: Mattias =?UTF-8?Q?Engdeg=C3=A5rd?= Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Aug 15 21:33:13 2019 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1hyLUm-000Ev3-Nv for geb-bug-gnu-emacs@m.gmane.org; Thu, 15 Aug 2019 21:33:12 +0200 Original-Received: from localhost ([::1]:46614 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1hyLUl-0005Em-8j for geb-bug-gnu-emacs@m.gmane.org; Thu, 15 Aug 2019 15:33:11 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:45608) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1hyLUd-0005Bg-NZ for bug-gnu-emacs@gnu.org; Thu, 15 Aug 2019 15:33:05 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hyLUc-00022M-Cv for bug-gnu-emacs@gnu.org; Thu, 15 Aug 2019 15:33:03 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:43650) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hyLUc-000227-8e for bug-gnu-emacs@gnu.org; Thu, 15 Aug 2019 15:33:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hyLUc-0005fJ-4J for bug-gnu-emacs@gnu.org; Thu, 15 Aug 2019 15:33:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Philipp Stephani Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 15 Aug 2019 19:33:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 36879 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 36879-submit@debbugs.gnu.org id=B36879.156589756721754 (code B ref 36879); Thu, 15 Aug 2019 19:33:02 +0000 Original-Received: (at 36879) by debbugs.gnu.org; 15 Aug 2019 19:32:47 +0000 Original-Received: from localhost ([127.0.0.1]:52471 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hyLUN-0005eo-3d for submit@debbugs.gnu.org; Thu, 15 Aug 2019 15:32:47 -0400 Original-Received: from mail-ot1-f66.google.com ([209.85.210.66]:37456) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1hyLUL-0005eY-7p for 36879@debbugs.gnu.org; Thu, 15 Aug 2019 15:32:45 -0400 Original-Received: by mail-ot1-f66.google.com with SMTP id f17so7525899otq.4 for <36879@debbugs.gnu.org>; Thu, 15 Aug 2019 12:32:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=Xn8Tm1Mrq35YQ6NetiepXR+8roO6gQmqmhLuvrUWsfA=; b=st7FLME6CeZqqiKLbNCplVneTmCBy/FOn6zGnokic73XPZFwifcHYVqx3Is/IMRbla USEDhml6YusNbqyyDP2c1Stgpu02+VrsLn3+tMKO8LbPsGHq+r00qD0JQWfgh4YdsSZs zRtBJEhgyDCrE0e88qH4mVe97Usf121nGgsazltceHbhx5DPLVwJcox0vK3rfkjj8qKm RU6YZy8DPVS45JpBow3XaLvDbXjXPqtPtYrA25pSh9k6typmWwzF3ELm6TK5kecWpZub Jz3yPVRFXAEamaT7OnhaIPFZM3My5GY32Q+x6Un6ic/6Gidjg0KMVeuq7KZS3kqapeIX y45g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=Xn8Tm1Mrq35YQ6NetiepXR+8roO6gQmqmhLuvrUWsfA=; b=ZaqDnLX+oDOPQ7rRqo+tjktaTfJI533vhXBGIX64KNgWhtrv6VmBPFnd4ysryzgr06 LXyfAuYAgwfQt8AcjCYKATV/lTgcJi5/1fId+gfBzBat2DtnyLm5+U2y1pTUOl+uwrjm /CVOSKqBjRwScae7HazFo/vkWhzyETSHBT8uKKDGXb2pGbLPWJFxckLm+YHANO/DZlHq 9xUbldh/10vJDqM71ore+FpnUCVtLNGN99RHMpVm3NALMdhMunATVH4Fhwgfd1DHbLGv NK5D3mmUHSn8KuTwPaIm9qqkda/vBWym2AL6v40ZNB5M1J4SkRrcp4xvPXSw17CLVLIb NwDQ== X-Gm-Message-State: APjAAAW/2ZUxAVcFl5j5l02KZVKggPCvYgfKPjeUiREVHQu/ttJY48cH sveEg2HkSNbEqxtVW5HcxxtnIstepw1A8tGmbT0= X-Google-Smtp-Source: APXvYqx4xYzyxhiHtZwVPFnhPAgv/9k/Iz0Ka/Hz1m+p+YS19/GrNRa06o8Ed19OC3dyWEiBy2UGWjqCGwqIYpdp4uw= X-Received: by 2002:a05:6830:1510:: with SMTP id k16mr4314352otp.174.1565897559364; Thu, 15 Aug 2019 12:32:39 -0700 (PDT) In-Reply-To: <5E410D26-8917-4291-8202-C28FAE1CD0B2@acm.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:165139 Archived-At: Am So., 4. Aug. 2019 um 11:45 Uhr schrieb Mattias Engdeg=C3=A5rd : > > I'm probably missing something obvious, but how is talking to xclip mor= e secure than talking to the terminal emulator? Or is the "security perspec= tive" somewhere else? > > It's not a problem in Emacs, but by enabling OSC 52 in your terminal, an = adversary might arrange for a crafted string to be sent to it which would s= urreptitiously inject malicious data into the clipboard, or extract secrets= from it. The OSC 52 reply itself could cause damage under some circumstanc= es, or the attacker could just hope for the victim to paste a command into = a shell prompt. > > > Except that xclip assumes x11. Would it not make sense to support a win= dow protocol agnostic method? By supporting OSC 52, you support whatever cl= ipboard mechanism the terminal emulator supports. > > I can definitely see how OSC 52 can be useful when there is only a termin= al connection to the machine running Emacs, and no out-of-band conduit for = the clipboard. The user needs to enable it actively both in the terminal an= d in Emacs; it cannot be used by accident. > > > Perhaps one could use the heavy weight solution (change quit char) when= 'screen' is detected, but simply use ST in the non-screen case? > > The thought did cross my mind, but I thought I'd first enquire about the = screen usage, given that I only got it to work with screen, not tmux, and t= hen only after explicitly setting TERM. > > Perhaps Philipp Stephani who originally wrote the code could help us here= (sorry about dragging you into the discussion, Philipp). Under what circum= stances did you run it? (It was 4 years ago; it's understandable if you don= 't remember much of it.) > I added OSC-52 support primarily to support HTerm/Chrome Secure Shell. HTerm supports copying via OSC-52, but not pasting due to the aforementioned security issues, cf. https://chromium.googlesource.com/apps/libapps/+/master/nassh/doc/FAQ.md#Is= -OSC-52-aka-clipboard-operations_supported. I don't use HTerm that much any more, but OSC-52 support for copying was definitely quite useful. Copying is not a security issue (at least for the SSH use case) as the clipboard is always ephemeral anyway.