bug#36879: 26.2; OSC 52 paste in term/xterm.el not working
From: Philipp Stephani
Subject: bug#36879: 26.2; OSC 52 paste in term/xterm.el not working
Date: Thu, 15 Aug 2019 21:32:27 +0200
On Sun, 4 Aug 2019 at 11:45, Mattias Engdegård <mattiase@acm.org> wrote:
> > I'm probably missing something obvious, but how is talking to xclip more
> > secure than talking to the terminal emulator? Or is the "security
> > perspective" somewhere else?
>
> It's not a problem in Emacs, but by enabling OSC 52 in your terminal, an
> adversary might arrange for a crafted string to be sent to it which would
> surreptitiously inject malicious data into the clipboard, or extract secrets
> from it. The OSC 52 reply itself could cause damage under some circumstances,
> or the attacker could just hope for the victim to paste a command into a
> shell prompt.
>
> > Except that xclip assumes x11. Would it not make sense to support a window
> > protocol agnostic method? By supporting OSC 52, you support whatever
> > clipboard mechanism the terminal emulator supports.
>
> I can definitely see how OSC 52 can be useful when there is only a terminal
> connection to the machine running Emacs, and no out-of-band conduit for the
> clipboard. The user needs to enable it actively both in the terminal and in
> Emacs; it cannot be used by accident.
>
> > Perhaps one could use the heavy weight solution (change quit char) when
> > 'screen' is detected, but simply use ST in the non-screen case?
>
> The thought did cross my mind, but I thought I'd first enquire about the
> screen usage, given that I only got it to work with screen, not tmux, and
> then only after explicitly setting TERM.
>
> Perhaps Philipp Stephani who originally wrote the code could help us here
> (sorry about dragging you into the discussion, Philipp). Under what
> circumstances did you run it? (It was 4 years ago; it's understandable if you
> don't remember much of it.)
>
I added OSC-52 support primarily to support HTerm/Chrome Secure Shell.
HTerm supports copying via OSC-52, but not pasting due to the
aforementioned security issues, cf.
https://chromium.googlesource.com/apps/libapps/+/master/nassh/doc/FAQ.md#Is-OSC-52-aka-clipboard-operations_supported.
I don't use HTerm that much any more, but OSC-52 support for copying
was definitely quite useful. Copying is not a security issue (at least
for the SSH use case) as the clipboard is always ephemeral anyway.
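
A defensive filter for the clipboard risk described in the quoted reply above, as an added example that is not part of the original message or of Emacs: it strips OSC 52 sequences from untrusted bytes before they reach a terminal and reports whether each one was a clipboard write or a query. The function names and the sample input are constructed for illustration, and only the 7-bit escape forms are handled.

```python
import base64
import binascii
import re

# OSC 52: ESC ] 52 ; <selection> ; <payload>, terminated by BEL or ST (ESC \).
# Assumption: only the 7-bit forms are in use; 8-bit C1 forms are not matched.
OSC52 = re.compile(rb"\x1b\]52;([^;\x07\x1b]*);([^\x07\x1b]*)(?:\x07|\x1b\\)")


def classify(selection: bytes, payload: bytes) -> dict:
    """Describe one OSC 52 sequence as a clipboard query, write, or clear."""
    finding = {"selection": selection.decode("ascii", "replace")}
    if payload == b"?":
        # Asks the terminal to reply with the clipboard contents.
        finding["kind"] = "query"
        return finding
    try:
        data = base64.b64decode(payload, validate=True)
    except (binascii.Error, ValueError):
        data = b""
    if not data:
        # Per xterm's ctlseqs, a payload that is neither base64 nor "?"
        # clears the selection.
        finding["kind"] = "clear"
        return finding
    finding["kind"] = "write"
    finding["data"] = data
    return finding


def sanitize(stream: bytes):
    """Return (clean_bytes, findings) with every OSC 52 sequence removed."""
    findings = []

    def drop(match):
        findings.append(classify(match.group(1), match.group(2)))
        return b""

    return OSC52.sub(drop, stream), findings


# Constructed sample: ordinary output with one clipboard write and one query.
SAMPLE = (
    b"build ok\n"
    b"\x1b]52;c;" + base64.b64encode(b"echo constructed-sample") + b"\x07"
    b"\x1b]52;c;?\x1b\\"
    b"\x1b[32mdone\x1b[0m\n"
)

if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Other escape sequences, such as colour codes and window titles, pass through unchanged.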