Comments (3)
I understand you. And I'm still a bit skeptical:
in my environment they do not apply - I own all the machines involved
Do you know for 100% sure that you'll never ever ssh / telnet / netcat (even for debugging, maybe on http port 80 or so) to a machine outside of your security realm; or if you do then you'll remember to turn off this feature beforehand?
I (or we), as developer(s), have to think differently.
If we offer a run-time switch (visible config option, hidden config option, cmdline switch etc.) then users will find it, users will tell each other on forums to enable that option, and many will blindly enable it without properly considering the security implications. Security is defeated.
If it's a compile-time switch then some distros won't enable it (their users still complaining about the lack of copy-paste support), some other will perhaps enable (posing the security risk to all their users). Neither of which is good.
If end users who know it's safe for them need to recompile the package anyway, then you can go ahead and patch in OSC 52 support, it shouldn't be very hard (well, first check if someone has already done and shared that).
"Let's ship a feature for only those users whose setup meets certain security criteria" is in my opinion not an acceptable option for developers of terminal emulators, nor for developers of terminal-based apps. If people want to have this feature, it's the developer's job to ship a solution that can safely work for all users.
From my point of view, as a developer who contributes improvements, security cannot be optional, security must be mandatory.
Maybe we should just go ahead, design and implement our new protocol, and post feature requests against apps to see if it grains traction...
from tilix.
(I'm not a Tilix developer but I'm a VTE developer.)
Tilix uses the VTE widget for terminal emulation.
VTE developers deliberately refuse to add OSC 52 support because of its known security/privacy problems. At least two protocols that would fix these problems have been proposed, but no one had the resources yet to implement them and start convincing other terminals and apps to follow.
In the mean time, shame on every terminal emulator and every terminal-based application that adds OSC 52 support, despite its well-known security flaws. They should all deliberately reject to implement it, and cooperate to design and drive the adoptation of a new, safe solution. My 2 cents.
from tilix.
Thank you for clarification.
As I am aware of security concerns, in my environment they do not apply - I own all the machines involved. It would be awesome to have option like '--enable-unsecure-osc52' until something betters comes in. Especially in one way - editor can write to clipboard without read capabilities - this options seems to be safer.
from tilix.
Related Issues (20)
- How to edit/remove the context menu
- "TerminalNot Enabled" is displayed on the screen HOT 2
- My own keyboard shortcuts don't work when Tilix is focused
- Gtk-WARNINGs HOT 1
- Unable to open the preferences menu when using the Ketsa icon theme HOT 6
- GLib-GObject-WARNING ISO-8859-16: U_FILE_ACCESS_ERROR HOT 2
- Tilix Screen Size
- change tilix tile border color HOT 4
- Linking error with meson+dmd HOT 3
- Copy-Paste-Problems
- error while loading shared libraries: libphobos2-ldc-shared.so.107 after libphobos update HOT 3
- Flickering Terminal HOT 2
- Can't run docker on tilix HOT 1
- Right-Click to `clear` - Custom Commands in Roght-Click Context Menu
- Tilix not launching on kali linux
- startup with badge text via CLI HOT 1
- Delay in registering keys in CLI HOT 2
- Automatically open maximized window when launching from applications launcher HOT 8
- Every new window opens with a percentage sign at the first line and prompt at the second line. HOT 2
- Window size does not respect the bottom panel under Wayland GNOME 45.7 after wake up from sleep
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tilix.