From bda9c9ffa645ee5e4b2507474ebfa1c5efb889b2 Mon Sep 17 00:00:00 2001 From: k0ga Date: Sat, 16 May 2020 09:48:18 +0000 Subject: Make shift+wheel behaves as shift+Prev/Next St uses a very good hack where mouse wheel genereates ^Y and ^E, that are the same keys that less and vi uses for backward and fordward scrolling. Scroll, as many terminal emulators, use shift+Prev/Next for scrolling, but it is also using ^E and ^Y for scroling, characters that are reserved in the POSIX shell in emacs mode for end of line and yanking, making scroll unsable in st. This patch adds a new hack, making shift+wheel returning the same sequences than shift+Prev/Next, meaning that scroll or any other similar program will not be able to differentiate between them.
---
config.def.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'config.def.h')
diff --git a/config.def.h b/config.def.h
index fdbacfd..293e00c 100644
--- a/config.def.h
+++ b/config.def.h
@@ -171,7 +171,9 @@ static uint forcemousemod = ShiftMask;
 static MouseShortcut mshortcuts[] = {
 /* mask button function argument release */
 { XK_ANY_MOD, Button2, selpaste, {.i = 0}, 1 },
+ { ShiftMask, Button4, ttysend, {.s = "\033[5;2~"} },
 { XK_ANY_MOD, Button4, ttysend, {.s = "\031"} },
+ { ShiftMask, Button5, ttysend, {.s = "\033[6;2~"} },
 { XK_ANY_MOD, Button5, ttysend, {.s = "\005"} },
 };
-- cgit
From a2a704492b9f4d2408d180f7aeeacf4c789a1d67 Mon Sep 17 00:00:00 2001
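Review bot: In the shift+wheel commit above, the two `ShiftMask` rows added to `mshortcuts[]` only take effect because they sit above the `XK_ANY_MOD` rows for the same button, and nothing in the table says so. Assuming the lookup stops at the first matching row (the matching code is outside this hunk), a user who reorders or appends entries in their own config would silently get `\031`/`\005` on shift+wheel again. A comment above the table, such as `/* first match wins: keep specific masks above XK_ANY_MOD for the same button */`, would document the dependency. The new rows also leave the `release` column unset, which matches the existing wheel rows but relies on implicit zero-initialisation.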
From: Hiltjo Posthuma Date: Sat, 30 May 2020 21:56:18 +0200 Subject: config.def.h: add an option allowwindowops, by default off (secure) Similar to the xterm AllowWindowOps option, this is an option to allow or disallow certain (non-interactive) operations that can be insecure or exploited. NOTE: xsettitle() is not guarded by this because st does not support printing the window title. Else this could be exploitable (arbitrary code execution). Similar problems have been found in the past in other terminal emulators. The sequence for base64-encoded clipboard copy is now guarded because it allows a sequence written to the terminal to manipulate the clipboard of the running user non-interactively, for example: printf '\x1b]52;0;ZWNobyBoaQ0=\a'
---
config.def.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'config.def.h')
diff --git a/config.def.h b/config.def.h
index 293e00c..6f05dce 100644
--- a/config.def.h
+++ b/config.def.h
@@ -43,6 +43,10 @@ static unsigned int tripleclicktimeout = 600;
 /* alt screens */
 int allowaltscreen = 1;
+/* allow certain non-interactive (insecure) window operations such as:
+ setting the clipboard text */
+int allowwindowops = 0;
+
 /*
 * draw latency range in ms - from new content/keypress/etc until drawing.
 * within this range, st draws when content stops arriving (idle). mostly it's
-- cgit
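Review bot: The comment on `allowwindowops` does not name the sequence it gates or what turning it on exposes, which is what someone editing config.h needs to decide. Per the commit message the guarded operation is the OSC 52 clipboard write, which any bytes printed to the terminal can trigger, including a file shown with cat or output from a remote session. I would spell that out, e.g. `/* allow OSC 52 clipboard writes from terminal output; leave 0 unless every program and file printed to this terminal is trusted */`. The check that reads this flag is not in this patch view (limited to config.def.h), so whether any other non-interactive operation is covered cannot be confirmed from here.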