On Mon, Aug 10, 2009 at 06:40:00 -0400, Thomas Dickey wrote:
> On Mon, 10 Aug 2009, Julien Cristau wrote:
>
> >On Sun, Aug 9, 2009 at 17:54:23 -0400, Thomas Dickey wrote:
> >
> >>This is fixed in patch #244
> >>
> >Hi Thomas,
> >
> >would you mind pointing at the change that fixes this? On a quick look
> >over the diff between #243 and #244 I didn't find it.
>
> that was a typo in an ifdef, in charproc.c:
>
> @@ -398,7 +398,7 @@ > Bres(XtNallowFontOps, XtCAllowFontOps, screen.allowFontOp0, > DEF_ALLOW_FONT), > Bres(XtNallowTcapOps, XtCAllowTcapOps, screen.allowTcapOp0, > DEF_ALLOW_TCAP), > Bres(XtNallowTitleOps, XtCAllowTitleOps, screen.allowTitleOp0, > DEF_ALLOW_TITLE), > - Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, > DEF_ALLOW_FONT), > + Bres(XtNallowWindowOps, XtCAllowWindowOps, screen.allowWindowOp0, > DEF_ALLOW_WINDOW), > Bres(XtNaltIsNotMeta, XtCAltIsNotMeta, screen.alt_is_not_meta, False), > Bres(XtNaltSendsEscape, XtCAltSendsEscape, screen.alt_sends_esc, False), > Bres(XtNalwaysBoldMode, XtCAlwaysBoldMode, screen.always_bold_mode, > False),
>

Hmm. We build with
    -DDEF_ALLOW_WINDOW=False \
    -DDEF_ALLOW_FONT=False \
    -DDEF_ALLOW_TCAP=False
so this particular typo shouldn't change anything.
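
Review bot: on the Bres(XtNallowWindowOps, ...) line, nothing ties the default macro to the resource name, so the entry has to be kept in step by hand with the three above it, which each carry their own DEF_ALLOW_FONT, DEF_ALLOW_TCAP and DEF_ALLOW_TITLE. Consider a short comment above this group stating that each allow*Ops entry must use its matching DEF_ALLOW_* default, or a wrapper macro that builds the resource name and the default from one token, so that a build which sets DEF_ALLOW_FONT and DEF_ALLOW_WINDOW to different values cannot silently get the wrong default for window operations.
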
This bug seems to be about interaction between AllowTitleOps and AllowSendEvents; the manpage documents in the 'Font Menu' section that AllowSendEvents disables the AllowXXXOps items, and the AllowTitleOps() macro indeed checks that allowSendEvents is disabled. Maybe all that's needed here is something like this:

diff --git a/xterm.man b/xterm.man index 132d23d..91efb6c 100644 --- a/xterm.man +++ b/xterm.man @@ -1500,8 +1500,8 @@ The default is \*(``true.\*('' Specifies whether or not synthetic key and button events (generated using the X protocol SendEvent request) should be interpreted or discarded. The default is \*(``false\*('' meaning they are discarded. -Note that allowing -such events creates a very large security hole. +Note that allowing such events creates a very large security hole, and +forcefully disables the \fBallow\fIXXX\fPOps\fR resources. The default is \*(``false.\*('' .TP .B "allowTcapOps (\fPclass\fB AllowTcapOps)"

Cheers,
Julien
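
Review bot: after the added sentence the context still ends with a second "The default is \*(``false.\*(''" line, although the entry already states "The default is \*(``false\*('' meaning they are discarded." just above the note; drop the trailing one in the same change so the new text is not followed by a duplicate. On the wording, "forcefully disables" would read better as plain "disables", and since the next entry in the context is allowTcapOps, a one-line pointer back to allowSendEvents in each allow*Ops entry would help a reader who looks up only that resource.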