On Thu, May 29, 2003 at 06:01:37AM -0400, Larry W. Virden wrote:
> From: Chris Green <[EMAIL PROTECTED]>
>
> > I'm still not quite sure about the security issues. Why is it more
> > likely that a rogue application will put something nasty in the window
> > title and then uses this escape sequence to output it (and hopefully
> > fool the user into executing it) than doing the same directly without
> > going via the title?
>
> The security issue, as I understand it, is with applications which take
> arbitrary data and use it in a way which may then result in a command
> being executed unexpectedly by the user.
>
> The idea behind this specific problem was explained as a case where a
> rogue program puts some string - say
> `some/path;rm -rf /;9 left cursor moves;9spaces`
> into the title bar.
>
> Innocent application then comes along and takes the info and goes to use
> it somehow - maybe like:
>
> RetrieveTitleBar=${ESC}$RestOfSequence
> todisplay=`echo $RetrieveTitleBar`
>
> and Bam! root goes away...
It seems amazingly unlikely! How many 'innocent applications' are
there which one would run as root and which echo the contents of the
title bar to the display? It's not the sort of thing one does by
mistake really is it?
Oh well, it's not actually much direct use to me anyway (getting the
title bar that is) so it's all a bit irrelevant anyway.
Does anyone have any other ways of uniquely identifying an rxvt window
(from the point of view of the shell running in it) to make it easy to
differentiate shell history files? This was my original reason for
trying to use the window title but as you have to echo the escape
sequence to the window/screen to get the title it's not (as I said)
very useful.
I know you can use process-id and such but that means that history
from session to session is lost.
--
Chris Green ([EMAIL PROTECTED])
