On Tue, 07 Jan 2020 18:17:23 -0700
"Theo de Raadt" <[email protected]> wrote:

> Thomas Dickey <[email protected]> wrote:
> 
> > On Tue, Jan 07, 2020 at 09:00:04PM +0100, Benjamin Baier wrote:
> > > >Synopsis:        xterm pledge dns violation
> > > >Category:        X11 / libc? / ports?
> > > >Environment:
> > >   System      : OpenBSD 6.6
> > >   Details     : OpenBSD 6.6-current (GENERIC.MP) #0: Mon Jan  6 20:17:42 
> > > CET 2020
> > >                    
> > > [email protected]:/home/cvsgit/src/sys/arch/amd64/compile/GENERIC.MP
> > > 
> > >   Architecture: OpenBSD.amd64
> > >   Machine     : amd64
> > > 
> > > >Description:
> > >   While copy paste with middle mousebutton from xterm to claws-mail (into 
> > > new email window)
> > 
> > Reading the source, it seems that the client is asking for the target
> > with this information, that libXmu is "merely" capable of honoring it
> > for some time.  Take a look at
> > 
> > https://gitlab.freedesktop.org/xorg/lib/libxmu/blob/master/src/CvtStdSel.c
> > 
> > (very likely, disabling the XA_HOSTNAME (and XA_IP_ADDRESS) chunks
> > in that file wouldn't hurt xterm, though claws-mail might be annoyed).
> 
> To me this seems dumb.
>
> I don't want my browser reading my .ssh keys.
> 
> Similarly, I don't want my xterm trying to do DNS resolution.
As shown there are codepaths where it will do so. See my original post.
Even worse this seems to depend on how the receiving application of a copy&paste
action implements its paste handling.

I masked this bug with a patch to claws-mail.
https://marc.info/?l=openbsd-ports&m=157843792723639&w=2
But who knows which other applications trigger this as well? Can't test all
of them. So I don't consider this fixed.

> I would want to see a DAMN GOOD justification for xterm wanting to resolve
> host names, especially on a cut and paste.  Wow.
Wow indeed.

> Otherwise, simple software should do simple things.  It should strive to
> get by with as little as possible and be powerful, and not "turn into emacs".
Not turn into X11... well too late.

> A third secret reason for the existence of pledge is to highlight
> how much the concept of "all software must be able to do everything"
> has infected the software ecosystem.
And it has uncovered another part of the system I'll gladly look into
hoping to keep my sanity.
