config.def.h: add an option allowwindowops, by default off (secure)

Similar to the xterm AllowWindowOps option, this is an option to allow or disallow certain (non-interactive) operations that can be insecure or exploited. NOTE: xsettitle() is not guarded by this because st does not support printing the window title. Else this could be exploitable (arbitrary code execution). Similar problems have been found in the past in other terminal emulators. The sequence for base64-encoded clipboard copy is now guarded because it allows a sequence written to the terminal to manipulate the clipboard of the running user non-interactively, for example: printf '\x1b]52;0;ZWNobyBoaQ0=\a'
author: Hiltjo Posthuma <hiltjo@codemadness.org> 2020-05-30 21:56:18 +0200
committer: Hiltjo Posthuma <hiltjo@codemadness.org> 2020-05-30 22:06:15 +0200
commit: a2a704492b9f4d2408d180f7aeeacf4c789a1d67 (patch)
tree: dddf8c868f1ef40c017140ed35018c7aef8b64d8 /st.c
parent: 0f8b40652bca0670f1f0bda069bbc55f8b5e364d (diff)
download: st-a2a704492b9f4d2408d180f7aeeacf4c789a1d67.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/st.c b/st.c
index 2d901ab..ef8abd5 100644
--- a/st.c
+++ b/st.c
@@ -1861,7 +1861,7 @@ strhandle(void)
 				xsettitle(strescseq.args[1]);
 			return;
 		case 52:
-			if (narg > 2) {
+			if (narg > 2 && allowwindowops) {
 				dec = base64dec(strescseq.args[2]);
 				if (dec) {
 					xsetsel(dec);
author	Hiltjo Posthuma <hiltjo@codemadness.org>	2020-05-30 21:56:18 +0200
committer	Hiltjo Posthuma <hiltjo@codemadness.org>	2020-05-30 22:06:15 +0200
commit	a2a704492b9f4d2408d180f7aeeacf4c789a1d67 (patch)
tree	dddf8c868f1ef40c017140ed35018c7aef8b64d8 /st.c
parent	0f8b40652bca0670f1f0bda069bbc55f8b5e364d (diff)
download	st-a2a704492b9f4d2408d180f7aeeacf4c789a1d67.tar.gz