Date: Fri, 20 Oct 2023 18:41:41 +1100 From: David Leadbeater <dgl@....cx> To: oss-security@...ts.openwall.com Subject: Re: with firefox on X11, any page can pastejack you anytime On Fri, 20 Oct 2023 at 12:58, David Leadbeater <dgl@....cx> wrote: [...] > Then you get a command being run with no interaction; this appears to > work with xterm (384) + fish for example. I missed that this is configurable in xterm, so this can be mitigated by setting the Xresource: disallowedPasteControls: BS,DEL,ENQ,EOT,ETX,ESC,NUL i.e. Adding "ETX" (^C) to the default set. (I've asked if this can be the new default.) David
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.