Date: Fri, 20 Oct 2023 18:41:41 +1100
From: David Leadbeater <dgl@....cx>
To: oss-security@...ts.openwall.com
Subject: Re: with firefox on X11, any page can pastejack you anytime

On Fri, 20 Oct 2023 at 12:58, David Leadbeater <dgl@....cx> wrote:
[...]
> Then you get a command being run with no interaction; this appears to
> work with xterm (384) + fish for example.

I missed that this is configurable in xterm, so this can be mitigated
by setting the Xresource:

disallowedPasteControls: BS,DEL,ENQ,EOT,ETX,ESC,NUL

i.e. Adding "ETX" (^C) to the default set. (I've asked if this can be
the new default.)

David
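
An added example, not part of the message above and not xterm's own code: a shell check that reads X resource lines and reports which names from the set given in the message are absent from a `disallowedPasteControls` entry. The function name, the `XTerm*` prefix in the sample, and the fallback to the message's default set when no entry exists are assumptions.

```shell
#!/bin/sh
# Set recommended in the message: the default set plus ETX (^C).
REQUIRED="BS DEL ENQ EOT ETX ESC NUL"

# missing_paste_controls (hypothetical helper): read X resource lines on stdin,
# e.g. from `xrdb -query` or a ~/.Xresources file, and print the REQUIRED names
# that any disallowedPasteControls entry lacks. Names are compared exactly as
# written in the message. Returns 0 if nothing is missing, 1 otherwise.
missing_paste_controls() {
    awk -v required="$REQUIRED" '
        # Record every required name absent from one comma-separated list.
        function check(list,    i, n, m, parts, have, req) {
            n = split(list, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t\r]/, "", parts[i])
                have[parts[i]] = 1
            }
            m = split(required, req, " ")
            for (i = 1; i <= m; i++)
                if (!(req[i] in have)) miss[req[i]] = 1
        }
        /^[ \t]*!/ { next }                        # "!" starts a comment line
        /[.*]disallowedPasteControls[ \t]*:/ {
            seen = 1
            value = $0
            sub(/^[^:]*:/, "", value)              # drop the resource name
            check(value)
        }
        END {
            # Assumption: with no entry, the default set from the message applies.
            if (!seen) check("BS,DEL,ENQ,EOT,ESC,NUL")
            m = split(required, req, " ")
            out = ""
            for (i = 1; i <= m; i++)
                if (req[i] in miss) out = out (out == "" ? "" : " ") req[i]
            if (out != "") { print out; exit 1 }
        }
    '
}

# Constructed sample (not from the message): an entry still using the default set.
sample='XTerm*disallowedPasteControls: BS,DEL,ENQ,EOT,ESC,NUL'
if result=$(printf '%s\n' "$sample" | missing_paste_controls); then
    echo "disallowedPasteControls covers the recommended set"
else
    echo "missing from disallowedPasteControls: $result"
fi
```
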
