i...@b3zdna.net wrote: > For one me; I use it to send highlighted text in the terminal to an > external program. This highlighted text could be a relative path to be > opened by the external program and thus requires a cwd.
But your xterm is less secure. Eventually there will protocol or text side bug in xterm, and someone will figure out ways to escalate beyond our other mitigations. Rather than forcing them to operate inside an uncomfortable less-than-POSIX pledge+unveil environment, they can reuse a simple 1996-era shell-egg to execve straight to a fresh shell for their pleasure. Because pledge "proc exec" lets them do so. "proc exec" can only be safely used by (small) shells, or during startup of processes setting up a fork+exec privsep, or in one process of a very careful privsep design (probably using strict unveil) That doesn't describe xterm. I think this feature is very misguided.