bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#36879: 26.2; OSC 52 paste in term/xterm.el not working


From: Mattias Engdegård
Subject: bug#36879: 26.2; OSC 52 paste in term/xterm.el not working
Date: Sun, 4 Aug 2019 11:44:27 +0200

4 aug. 2019 kl. 10.19 skrev Daniel Eklöf <daniel@ekloef.se>:
> 
> set-selection has always worked, at least for me. That one is also enabled by 
> default in xterm.el (when an xterm supporting it is detected, I assume).

Right, it lacks the technical problems of the copy-from-clipboard direction, 
since no reply from the terminal is involved.

> I'm probably missing something obvious, but how is talking to xclip more 
> secure than talking to the terminal emulator? Or is the "security 
> perspective" somewhere else?

It's not a problem in Emacs, but by enabling OSC 52 in your terminal, an 
adversary might arrange for a crafted string to be sent to it which would 
surreptitiously inject malicious data into the clipboard, or extract secrets 
from it. The OSC 52 reply itself could cause damage under some circumstances, 
or the attacker could just hope for the victim to paste a command into a shell 
prompt.

> Except that xclip assumes x11. Would it not make sense to support a window 
> protocol agnostic method? By supporting OSC 52, you support whatever 
> clipboard mechanism the terminal emulator supports.

I can definitely see how OSC 52 can be useful when there is only a terminal 
connection to the machine running Emacs, and no out-of-band conduit for the 
clipboard. The user needs to enable it actively both in the terminal and in 
Emacs; it cannot be used by accident.

> Perhaps one could use the heavy weight solution (change quit char) when 
> 'screen' is detected, but simply use ST in the non-screen case?

The thought did cross my mind, but I thought I'd first enquire about the screen 
usage, given that I only got it to work with screen, not tmux, and then only 
after explicitly setting TERM.

Perhaps Philipp Stephani who originally wrote the code could help us here 
(sorry about dragging you into the discussion, Philipp). Under what 
circumstances did you run it? (It was 4 years ago; it's understandable if you 
don't remember much of it.)







reply via email to

[Prev in Thread] Current Thread [Next in Thread]