diff options
author | Hiltjo Posthuma <hiltjo@codemadness.org> | 2020-05-30 21:56:18 +0200 |
---|---|---|
committer | Hiltjo Posthuma <hiltjo@codemadness.org> | 2020-05-30 22:06:15 +0200 |
commit | a2a704492b9f4d2408d180f7aeeacf4c789a1d67 (patch) | |
tree | dddf8c868f1ef40c017140ed35018c7aef8b64d8 /st.c | |
parent | 0f8b40652bca0670f1f0bda069bbc55f8b5e364d (diff) | |
download | st-a2a704492b9f4d2408d180f7aeeacf4c789a1d67.tar.gz st-a2a704492b9f4d2408d180f7aeeacf4c789a1d67.tar.bz2 |
config.def.h: add an option allowwindowops, by default off (secure)
Similar to the xterm AllowWindowOps option, this is an option to allow or
disallow certain (non-interactive) operations that can be insecure or
exploited.
NOTE: xsettitle() is not guarded by this because st does not support printing
the window title. Else this could be exploitable (arbitrary code execution).
Similar problems have been found in the past in other terminal emulators.
The sequence for base64-encoded clipboard copy is now guarded because it allows
a sequence written to the terminal to manipulate the clipboard of the running
user non-interactively, for example:
printf '\x1b]52;0;ZWNobyBoaQ0=\a'
Diffstat (limited to 'st.c')
-rw-r--r-- | st.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -1861,7 +1861,7 @@ strhandle(void) xsettitle(strescseq.args[1]); return; case 52: - if (narg > 2) { + if (narg > 2 && allowwindowops) { dec = base64dec(strescseq.args[2]); if (dec) { xsetsel(dec); |