Package: xterm
Version: 222-1etch4
Severity: wishlist

Xterm uses allowWindowOps and allowFontOps, both defaulting to false, see e.g. http://bugs.debian.org/510030 (and references therein about this being an old and recurring problem). Both resources disable many useful operations, so some people explicitly turn them on; but then they are exposed to security risks.

As an enhancement, I propose a new resource allowSecurityRiskOps which (alone or in conjunction with allowWindowOps and allowFontOps) would control security-relevant parts ("whacking" un-sanitized strings into the input buffer, set X properties and UDK, maybe paste64, VT200 modes, or re-enable setting the answerback message). Then (most of) the functionality of allowWindowOps and allowFontOps could safely be turned on (maybe by default even?), and it would be clear what is dangerous.

---

Occasionally I foolishly do "cat binary-file" and get annoyed by the "1;2c" in the input buffer and/or the need to shift-M2 "soft reset" and/or "stty sane" to proceed.

As an enhancement, I propose a new resource allowEscSeqs that would control interpretation of any ESC sequences (except maybe arrow keys); then paranoid people (who have no use for VT100 features) could turn that off.

---

I do not attach patches to implement the above, do not want another rejection of "your code is incorrect".

Cheers,

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24-pk03.02-svr
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages xterm depends on:
ii  libc6           2.3.6.ds1-13etch8  GNU C Library: Shared libraries
ii  libfontconfig1  2.4.2-1.2          generic font configuration library
ii  libice6         1:1.0.1-2          X11 Inter-Client Exchange library
ii  libncurses5     5.5-5              Shared libraries for terminal hand
ii  libsm6          1:1.0.1-3          X11 Session Management library
ii  libx11-6        2:1.0.3-7          X11 client-side library
ii  libxaw7         1:1.0.2-4          X11 Athena Widget library
ii  libxext6        1:1.0.1-2          X11 miscellaneous extension librar
ii  libxft2         2.1.8.2-8          FreeType-based font drawing librar
ii  libxmu6         1:1.0.2-2          X11 miscellaneous utility library
ii  libxt6          1:1.0.2-2          X11 toolkit intrinsics library
ii  xbitmaps        1.0.1-2            Base X bitmaps

Versions of packages xterm recommends:
ii  xutils          1:7.1.ds.3-1       X Window System utility programs

-- no debconf information
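
Added example, not part of the original report and not xterm code: a pre-display check for the "cat binary-file" case above, which flags byte sequences that ask a VT100-style terminal to write a reply into its own input (the source of the stray "1;2c") and renders the data with control bytes made visible. The function names and the list of request sequences are assumptions of this sketch; the list covers common requests only.

```python
import re

# Requests that make a VT100-style terminal write a reply into its own input.
# CSI is either ESC [ (7-bit) or the single byte 0x9b (8-bit).
CSI = rb"(?:\x1b\[|\x9b)"
REPLY_TRIGGERS = [
    (re.compile(CSI + rb"[>=]?[0-9;]*c"), "DA (device attributes) request"),
    (re.compile(CSI + rb"\??[0-9;]*n"), "DSR (device status report) request"),
    (re.compile(rb"\x1bZ"), "DECID (identify terminal) request"),
    (re.compile(rb"\x05"), "ENQ (answerback) request"),
]


def find_reply_triggers(data: bytes):
    """Return sorted (offset, description) pairs for each request found."""
    hits = []
    for pattern, description in REPLY_TRIGGERS:
        hits.extend((m.start(), description) for m in pattern.finditer(data))
    return sorted(hits)


def visible(data: bytes) -> str:
    """Render control bytes in caret notation so the terminal never acts on them."""
    out = []
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b < 0x7F:
            out.append(chr(b))           # tab, newline and printable ASCII pass through
        elif b < 0x20:
            out.append("^" + chr(b + 0x40))
        elif b == 0x7F:
            out.append("^?")
        else:
            out.append("\\x%02x" % b)    # high bytes, including 8-bit C1 controls
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample: bytes as they might occur in the middle of a binary file.
    sample = b"ELF\x00\x01\x1b[c junk \x1bZ more \x05 end\n"
    for offset, description in find_reply_triggers(sample):
        print(f"offset {offset}: {description}")
    print(visible(sample), end="")
```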