From mboxrd@z Thu Jan 1 00:00:00 1970
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Philipp Stephani
Newsgroups: gmane.emacs.bugs
Subject: bug#36879: 26.2; OSC 52 paste in term/xterm.el not working
Date: Thu, 15 Aug 2019 21:32:27 +0200
Message-ID:
References: <87lfwecfb7.fsf@mini.la.casa>
<877e7tqr5w.fsf@mini.la.casa>
<5E410D26-8917-4291-8202-C28FAE1CD0B2@acm.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
logging-data="57946"; mail-complaints-to="usenet@blaine.gmane.org"
Cc: Philipp Stephani ,
Daniel =?UTF-8?Q?Ekl=C3=B6f?= ,
Stefan Monnier , 36879@debbugs.gnu.org
To: Mattias =?UTF-8?Q?Engdeg=C3=A5rd?=
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Aug 15 21:33:13 2019
Return-path:
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([209.51.188.17])
by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.89)
(envelope-from )
id 1hyLUm-000Ev3-Nv
for geb-bug-gnu-emacs@m.gmane.org; Thu, 15 Aug 2019 21:33:12 +0200
Original-Received: from localhost ([::1]:46614 helo=lists1p.gnu.org)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from )
id 1hyLUl-0005Em-8j
for geb-bug-gnu-emacs@m.gmane.org; Thu, 15 Aug 2019 15:33:11 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:45608)
by lists.gnu.org with esmtp (Exim 4.90_1)
(envelope-from ) id 1hyLUd-0005Bg-NZ
for bug-gnu-emacs@gnu.org; Thu, 15 Aug 2019 15:33:05 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
(envelope-from ) id 1hyLUc-00022M-Cv
for bug-gnu-emacs@gnu.org; Thu, 15 Aug 2019 15:33:03 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:43650)
by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
(Exim 4.71) (envelope-from )
id 1hyLUc-000227-8e
for bug-gnu-emacs@gnu.org; Thu, 15 Aug 2019 15:33:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
(envelope-from ) id 1hyLUc-0005fJ-4J
for bug-gnu-emacs@gnu.org; Thu, 15 Aug 2019 15:33:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Philipp Stephani
Original-Sender: "Debbugs-submit"
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Thu, 15 Aug 2019 19:33:02 +0000
Resent-Message-ID:
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 36879
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: patch
Original-Received: via spool by 36879-submit@debbugs.gnu.org id=B36879.156589756721754
(code B ref 36879); Thu, 15 Aug 2019 19:33:02 +0000
Original-Received: (at 36879) by debbugs.gnu.org; 15 Aug 2019 19:32:47 +0000
Original-Received: from localhost ([127.0.0.1]:52471 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from )
id 1hyLUN-0005eo-3d
for submit@debbugs.gnu.org; Thu, 15 Aug 2019 15:32:47 -0400
Original-Received: from mail-ot1-f66.google.com ([209.85.210.66]:37456)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from ) id 1hyLUL-0005eY-7p
for 36879@debbugs.gnu.org; Thu, 15 Aug 2019 15:32:45 -0400
Original-Received: by mail-ot1-f66.google.com with SMTP id f17so7525899otq.4
for <36879@debbugs.gnu.org>; Thu, 15 Aug 2019 12:32:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc:content-transfer-encoding;
bh=Xn8Tm1Mrq35YQ6NetiepXR+8roO6gQmqmhLuvrUWsfA=;
b=st7FLME6CeZqqiKLbNCplVneTmCBy/FOn6zGnokic73XPZFwifcHYVqx3Is/IMRbla
USEDhml6YusNbqyyDP2c1Stgpu02+VrsLn3+tMKO8LbPsGHq+r00qD0JQWfgh4YdsSZs
zRtBJEhgyDCrE0e88qH4mVe97Usf121nGgsazltceHbhx5DPLVwJcox0vK3rfkjj8qKm
RU6YZy8DPVS45JpBow3XaLvDbXjXPqtPtYrA25pSh9k6typmWwzF3ELm6TK5kecWpZub
Jz3yPVRFXAEamaT7OnhaIPFZM3My5GY32Q+x6Un6ic/6Gidjg0KMVeuq7KZS3kqapeIX
y45g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc:content-transfer-encoding;
bh=Xn8Tm1Mrq35YQ6NetiepXR+8roO6gQmqmhLuvrUWsfA=;
b=ZaqDnLX+oDOPQ7rRqo+tjktaTfJI533vhXBGIX64KNgWhtrv6VmBPFnd4ysryzgr06
LXyfAuYAgwfQt8AcjCYKATV/lTgcJi5/1fId+gfBzBat2DtnyLm5+U2y1pTUOl+uwrjm
/CVOSKqBjRwScae7HazFo/vkWhzyETSHBT8uKKDGXb2pGbLPWJFxckLm+YHANO/DZlHq
9xUbldh/10vJDqM71ore+FpnUCVtLNGN99RHMpVm3NALMdhMunATVH4Fhwgfd1DHbLGv
NK5D3mmUHSn8KuTwPaIm9qqkda/vBWym2AL6v40ZNB5M1J4SkRrcp4xvPXSw17CLVLIb
NwDQ==
X-Gm-Message-State: APjAAAW/2ZUxAVcFl5j5l02KZVKggPCvYgfKPjeUiREVHQu/ttJY48cH
sveEg2HkSNbEqxtVW5HcxxtnIstepw1A8tGmbT0=
X-Google-Smtp-Source: APXvYqx4xYzyxhiHtZwVPFnhPAgv/9k/Iz0Ka/Hz1m+p+YS19/GrNRa06o8Ed19OC3dyWEiBy2UGWjqCGwqIYpdp4uw=
X-Received: by 2002:a05:6830:1510:: with SMTP id
k16mr4314352otp.174.1565897559364;
Thu, 15 Aug 2019 12:32:39 -0700 (PDT)
In-Reply-To: <5E410D26-8917-4291-8202-C28FAE1CD0B2@acm.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 209.51.188.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
the Swiss army knife of text editors"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
Xref: news.gmane.org gmane.emacs.bugs:165139
Archived-At:
Am So., 4. Aug. 2019 um 11:45 Uhr schrieb Mattias Engdeg=C3=A5rd :
> > I'm probably missing something obvious, but how is talking to xclip mor=
e secure than talking to the terminal emulator? Or is the "security perspec=
tive" somewhere else?
>
> It's not a problem in Emacs, but by enabling OSC 52 in your terminal, an =
adversary might arrange for a crafted string to be sent to it which would s=
urreptitiously inject malicious data into the clipboard, or extract secrets=
from it. The OSC 52 reply itself could cause damage under some circumstanc=
es, or the attacker could just hope for the victim to paste a command into =
a shell prompt.
>
> > Except that xclip assumes x11. Would it not make sense to support a win=
dow protocol agnostic method? By supporting OSC 52, you support whatever cl=
ipboard mechanism the terminal emulator supports.
>
> I can definitely see how OSC 52 can be useful when there is only a termin=
al connection to the machine running Emacs, and no out-of-band conduit for =
the clipboard. The user needs to enable it actively both in the terminal an=
d in Emacs; it cannot be used by accident.
>
> > Perhaps one could use the heavy weight solution (change quit char) when=
'screen' is detected, but simply use ST in the non-screen case?
>
> The thought did cross my mind, but I thought I'd first enquire about the =
screen usage, given that I only got it to work with screen, not tmux, and t=
hen only after explicitly setting TERM.
>
> Perhaps Philipp Stephani who originally wrote the code could help us here=
(sorry about dragging you into the discussion, Philipp). Under what circum=
stances did you run it? (It was 4 years ago; it's understandable if you don=
't remember much of it.)
>
I added OSC-52 support primarily to support HTerm/Chrome Secure Shell.
HTerm supports copying via OSC-52, but not pasting due to the
aforementioned security issues, cf.
https://chromium.googlesource.com/apps/libapps/+/master/nassh/doc/FAQ.md#Is=
-OSC-52-aka-clipboard-operations_supported.
I don't use HTerm that much any more, but OSC-52 support for copying
was definitely quite useful. Copying is not a security issue (at least
for the SSH use case) as the clipboard is always ephemeral anyway.