Mail Archives: cygwin/2019/11/07/12:04:34

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Subject: Re: [ANNOUNCEMENT] xterm 348-1
To: cygwin AT cygwin DOT com
References: <announce DOT 20190911182437 DOT 37466-1-yselkowitz AT cygwin DOT com> <b4mtv7ogyyh DOT fsf AT jpl DOT org> <20191106211318 DOT 263462ceb47f01f6fd63c64e AT nifty DOT ne DOT jp> <420cec84-46a7-c55c-f723-dfd96d39d39b AT SystematicSw DOT ab DOT ca> <20191107004841 DOT 33764763bbb1ba364347c46c AT nifty DOT ne DOT jp> <e8821312-8750-48a1-e7f2-d7ce34f7d431 AT SystematicSw DOT ab DOT ca> <20191107113936 DOT 129b5b6f0c1879dbd5be7ed7 AT nifty DOT ne DOT jp> <f24b92f6-4a12-5142-b4c6-330c4613031d AT towo DOT net>
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Message-ID: <ddf08c3c-62e8-e15b-de81-caaaece6f50f@SystematicSw.ab.ca>
Date: Thu, 7 Nov 2019 10:03:39 -0700
MIME-Version: 1.0
In-Reply-To: <f24b92f6-4a12-5142-b4c6-330c4613031d@towo.net>

On 2019-11-07 01:31, Thomas Wolff wrote:
> On 07.11.2019 at 03:39 Takashi Yano wrote:
>> ...
>> Wait. I have just found /etc/X11/app-defaults/XTerm has an entry
>> *VT100*eightBitInput: false
>> which is added from cygwin xterm 348-1.
>>
>> Removing this line or changing the value to true solves this issue.
>>
>> Katsumi, could you please check if this solves the issue?
> The option value of eightBitInput must not be set to false nowadays, it's a
> relic of ASCII times.
> There are a number of further questionable changes in /etc/X11/app-defaults/XTerm
> (not checked to other XTerm default entries there):
> 
>  < *backarrowKeyIsErase: true
>  < *metaSendsEscape: true
>  < *ptyInitialErase: true
>  > ! Cygwin Defaults
>  > +*backarrowKeyIsErase: true
>  > +*metaSendsEscape: true
>  > +*ptyInitialErase: true
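Review bot: the three `+`-prefixed entries carry exactly the values of the three lines they replace (`*backarrowKeyIsErase: true`, `*metaSendsEscape: true`, `*ptyInitialErase: true`), so the net effect of this hunk is not evident from the diff alone; if the intent is to fall back to xterm's built-in defaults, commenting the lines out with `!` (the comment marker the `! Cygwin Defaults` header line already uses) or stating the intended value explicitly would make that unambiguous.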
> Using the obscure "+" prefix here seems to reset the option to its default,
> regardless of the given value. Clearer configuration would be preferable.

Normal practice is to set the default value and comment out the entry.
Is this an obscure comment convention rather than !?

> Changing backarrowKeyIsErase and ptyInitialErase consistently may go unnoticed
> for most users, but it effectively switches away from the Linux habit to use DEL
> for the backarrow key, just to note.
> Setting metaSendsEscape to false makes input inconsistent. Alt+x will still enter
> ESC x (for whatever reason) but Alt+ö will enter only ö (again, for whatever
> reason). Option value true makes this consistent.
> 
>  > ! Red Hat Defaults:
>  > *allowFontOps: false
>  > *allowTcapOps: false
> The "allow*" options are meant to provide security but I see no security problem
> with these two, particularly not TcapOps (which seems to be used by vim to
> fine-tune terminal feature usage).

In a malicious script, font size could be set to tiny, text made invisible, or
foreground set to match background, to hide or obscure execution of malicious
commands, such as those exploited using bashdoor/shellshock vulnerabilities,
plus xterm *ops exec code and shell vulnerabilities:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030?
https://www.cvedetails.com/vulnerability-list/vendor_id-5838/product_id-9872/Invisible-island-Xterm.html
https://www.cvedetails.com/vulnerability-list/vendor_id-88/product_id-170/X.org-Xterm.html
https://www.cvedetails.com/vulnerability-list/vendor_id-7100/product_id-11978/Xterm-Xterm.html

>  > *VT100*eightBitInput: false
> Must be true!
>  > *VT100*scrollBar: true
> Why not, but it's a change that users may dislike.
>  > *VT100*utf8Title: true
> Probably a good idea.
>  > *termName: xterm-256color
> For applications that make a difference in colour usage depending on the TERM
> setting, this updates mega-legacy 16 colours to legacy 256 colours.
> Note that xterm also supplies a terminfo entry "xterm-direct" to reflect true
> colour support. Using it would require an update of the terminfo package, too,
> though, to get the xterm-direct entry included.

You may submit a patch to the package/file(s) on the cygwin-apps list, and
perhaps also upstream to Thomas E. Dickey, with links to the issue and
discussion, if only for info.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
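Added example, not part of this thread: a small defender-side Python scanner for the xterm sequences Brian's reply refers to (OSC 50 font changes, OSC 10/11 dynamic foreground/background colours, the DCS `+q` termcap query, and the SGR "conceal" attribute) that flags or strips them from text you are about to display from an untrusted source, such as a script fetched before review. The sample input is constructed here; the sequence formats are xterm's documented ones.

```python
import re

ESC = "\x1b"

# OSC 50 ; <font spec> ST|BEL : xterm font operation (what allowFontOps gates)
FONT_OP = re.compile(r"\x1b\]50;[^\x07\x1b]*(?:\x07|\x1b\\)")
# OSC 10/11 ; <colour> : dynamic text foreground / background colour
COLOR_OP = re.compile(r"\x1b\](?:10|11);[^\x07\x1b]*(?:\x07|\x1b\\)")
# DCS + q <hex-encoded names> ST : termcap/terminfo query (what allowTcapOps gates)
TCAP_OP = re.compile(r"\x1bP\+q[0-9A-Fa-f;]*\x1b\\")
# CSI ... 8 ... m : SGR conceal (invisible text), e.g. ESC[8m or ESC[1;8;31m
CONCEAL = re.compile(r"\x1b\[(?:\d+;)*8(?:;\d+)*m")
# Any CSI, OSC or DCS sequence, used for stripping before display
ANY_CTRL = re.compile(
    r"\x1b(?:\[[0-?]*[ -/]*[@-~]|\][^\x07\x1b]*(?:\x07|\x1b\\)|P.*?\x1b\\)", re.S
)

CHECKS = (("font-op", FONT_OP), ("color-op", COLOR_OP),
          ("tcap-query", TCAP_OP), ("conceal", CONCEAL))


def scan(text):
    """Return (kind, byte offset) for each sequence that could hide or probe
    terminal state, ordered by position in the input."""
    hits = [(kind, m.start()) for kind, pat in CHECKS for m in pat.finditer(text)]
    return sorted(hits, key=lambda h: h[1])


def strip_controls(text):
    """Remove every CSI/OSC/DCS sequence so only the visible text remains."""
    return ANY_CTRL.sub("", text)


# Constructed sample: a benign command hidden between a tiny-font request,
# a conceal attribute, a termcap query, and foreground set equal to background.
SAMPLE = (
    "echo hello\n"
    + ESC + "]50;-misc-fixed-medium-r-normal--1-*\x07"
    + ESC + "[8m" + "touch /tmp/hidden\n" + ESC + "[0m"
    + ESC + "P+q544e" + ESC + "\\"
    + ESC + "]10;#000000\x07" + ESC + "]11;#000000\x07"
    + "echo done\n"
)

if __name__ == "__main__":
    for kind, pos in scan(SAMPLE):
        print(f"{kind:>10} at offset {pos}")
    print(repr(strip_controls(SAMPLE)))
```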
