GNU bug report logs - #36879
26.2; OSC 52 paste in term/xterm.el not working

Previous Next

Package: emacs;

Reported by: daniel <at> ekloef.se (Daniel Eklöf)

Date: Wed, 31 Jul 2019 17:17:02 UTC

Severity: normal

Tags: patch

Found in version 26.2

Done: Mattias Engdegård <mattiase <at> acm.org>

Bug is archived. No further changes may be made.

Full log

Message #78 received at 36879 <at> debbugs.gnu.org (full text, mbox):

From: Philipp Stephani <p.stephani2 <at> gmail.com>
To: Mattias Engdegård <mattiase <at> acm.org>
Cc: Philipp Stephani <phst <at> google.com>,
 Daniel Eklöf <daniel <at> ekloef.se>,
 Stefan Monnier <monnier <at> iro.umontreal.ca>, 36879 <at> debbugs.gnu.org
Subject: Re: bug#36879: 26.2; OSC 52 paste in term/xterm.el not working
Date: Thu, 15 Aug 2019 21:32:27 +0200

Am So., 4. Aug. 2019 um 11:45 Uhr schrieb Mattias Engdegård <mattiase <at> acm.org>:

> > I'm probably missing something obvious, but how is talking to xclip more secure than talking to the terminal emulator? Or is the "security perspective" somewhere else?
>
> It's not a problem in Emacs, but by enabling OSC 52 in your terminal, an adversary might arrange for a crafted string to be sent to it which would surreptitiously inject malicious data into the clipboard, or extract secrets from it. The OSC 52 reply itself could cause damage under some circumstances, or the attacker could just hope for the victim to paste a command into a shell prompt.
>
> > Except that xclip assumes x11. Would it not make sense to support a window protocol agnostic method? By supporting OSC 52, you support whatever clipboard mechanism the terminal emulator supports.
>
> I can definitely see how OSC 52 can be useful when there is only a terminal connection to the machine running Emacs, and no out-of-band conduit for the clipboard. The user needs to enable it actively both in the terminal and in Emacs; it cannot be used by accident.
>
> > Perhaps one could use the heavy weight solution (change quit char) when 'screen' is detected, but simply use ST in the non-screen case?
>
> The thought did cross my mind, but I thought I'd first enquire about the screen usage, given that I only got it to work with screen, not tmux, and then only after explicitly setting TERM.
>
> Perhaps Philipp Stephani who originally wrote the code could help us here (sorry about dragging you into the discussion, Philipp). Under what circumstances did you run it? (It was 4 years ago; it's understandable if you don't remember much of it.)
>


I added OSC-52 support primarily to support HTerm/Chrome Secure Shell.
HTerm supports copying via OSC-52, but not pasting due to the
aforementioned security issues, cf.
https://chromium.googlesource.com/apps/libapps/+/master/nassh/doc/FAQ.md#Is-OSC-52-aka-clipboard-operations_supported.
I don't use HTerm that much any more, but OSC-52 support for copying
was definitely quite useful. Copying is not a security issue (at least
for the SSH use case) as the clipboard is always ephemeral anyway.
This bug report was last modified 5 years and 285 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.