oss-sec mailing list archives

Re: with firefox on X11, any page can pastejack you anytime


From: David Leadbeater <dgl () dgl cx>
Date: Fri, 20 Oct 2023 18:41:41 +1100

On Fri, 20 Oct 2023 at 12:58, David Leadbeater <dgl () dgl cx> wrote:
[...]
> Then you get a command being run with no interaction; this appears to
> work with xterm (384) + fish for example.

I missed that this is configurable in xterm, so this can be mitigated
by setting the Xresource:

disallowedPasteControls: BS,DEL,ENQ,EOT,ETX,ESC,NUL

i.e. Adding "ETX" (^C) to the default set. (I've asked if this can be
the new default.)

David
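
A check for the mitigation described in the message above, as an added example that is not part of the original message or of xterm. The function name is hypothetical, the fallback default is inferred from the message ("adding ETX to the default set") and may differ in other xterm versions, and X resource precedence is simplified to "last matching line wins".

```shell
#!/bin/sh
# Added example: audit X resources for the xterm paste-control mitigation.
# REQUIRED is the list given in the message; ASSUMED_DEFAULT is that list
# without ETX (an inference from the message, not taken from xterm itself).
REQUIRED="BS DEL ENQ EOT ETX ESC NUL"
ASSUMED_DEFAULT="BS,DEL,ENQ,EOT,ESC,NUL"

# Reads `xrdb -query` style text on stdin and prints, one per line, the
# control names from REQUIRED that a paste may still contain.
# Returns 0 only when every name in REQUIRED is disallowed.
# Usage: xrdb -query | missing_paste_controls
missing_paste_controls() {
    value=$(awk -F: -v def="$ASSUMED_DEFAULT" '
        /^[ \t]*!/ { next }                      # skip resource-file comments
        # Any binding of the resource, e.g. "XTerm*disallowedPasteControls"
        # or "xterm.vt100.disallowedPasteControls". Simplification: the last
        # matching line wins, which is not full Xrm precedence.
        $1 ~ /(^|[.*])disallowedPasteControls[ \t]*$/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, "")
            v = $0; found = 1
        }
        END { print (found ? v : def) }')
    missing=""
    for name in $REQUIRED; do
        case ",$value," in
            *",$name,"*) ;;                      # name is in the disallowed list
            *) missing="$missing $name" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    # Unquoted on purpose: one name per output line.
    printf '%s\n' $missing
    return 1
}

# Constructed sample input (not real xrdb output): the resource is unset,
# so the assumed default applies and ETX is reported.
printf 'XTerm*faceName:\tMonospace\n' | missing_paste_controls \
    || echo "controls above are not filtered from pastes"
```
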

