[hackers] [st] config.def.h: add an option allowwindowops, by default off (secure) || Hiltjo Posthuma

From: <git_AT_suckless.org>
Date: Sat, 30 May 2020 22:08:09 +0200 (CEST)

commit a2a704492b9f4d2408d180f7aeeacf4c789a1d67
Author: Hiltjo Posthuma <hiltjo_AT_codemadness.org>
AuthorDate: Sat May 30 21:56:18 2020 +0200
Commit: Hiltjo Posthuma <hiltjo_AT_codemadness.org>
CommitDate: Sat May 30 22:06:15 2020 +0200

    config.def.h: add an option allowwindowops, by default off (secure)
    
    Similar to the xterm AllowWindowOps option, this is an option to allow or
    disallow certain (non-interactive) operations that can be insecure or
    exploited.
    
    NOTE: xsettitle() is not guarded by this because st does not support printing
    the window title. Else this could be exploitable (arbitrary code execution).
    Similar problems have been found in the past in other terminal emulators.
    
    The sequence for base64-encoded clipboard copy is now guarded because it allows
    a sequence written to the terminal to manipulate the clipboard of the running
    user non-interactively, for example:
    
    printf '\x1b]52;0;ZWNobyBoaQ0=\a'

diff --git a/config.def.h b/config.def.h
index 293e00c..6f05dce 100644
--- a/config.def.h
+++ b/config.def.h
_AT_@ -43,6 +43,10 @@ static unsigned int tripleclicktimeout = 600;
 /* alt screens */
 int allowaltscreen = 1;
 
+/* allow certain non-interactive (insecure) window operations such as:
+ setting the clipboard text */
+int allowwindowops = 0;
+
 /*
  * draw latency range in ms - from new content/keypress/etc until drawing.
  * within this range, st draws when content stops arriving (idle). mostly it's
diff --git a/st.c b/st.c
index 2d901ab..ef8abd5 100644
--- a/st.c
+++ b/st.c
_AT_@ -1861,7 +1861,7 @@ strhandle(void)
                                 xsettitle(strescseq.args[1]);
                         return;
                 case 52:
- if (narg > 2) {
+ if (narg > 2 && allowwindowops) {
                                 dec = base64dec(strescseq.args[2]);
                                 if (dec) {
                                         xsetsel(dec);
diff --git a/st.h b/st.h
index d978458..3d351b6 100644
--- a/st.h
+++ b/st.h
_AT_@ -118,6 +118,7 @@ extern char *stty_args;
 extern char *vtiden;
 extern wchar_t *worddelimiters;
 extern int allowaltscreen;
+extern int allowwindowops;
 extern char *termname;
 extern unsigned int tabspaces;
 extern unsigned int defaultfg;
Received on Sat May 30 2020 - 22:08:09 CEST