On Sat, Feb 29, 2020 at 08:23:58PM +0100, Marc Lehmann wrote: > On Sat, Feb 29, 2020 at 05:12:59PM +0000, Alexander Huemer > <alexander.hue...@xx.vu> wrote: > > What I have on my mind is a kind of trigger mechanism based on regular > > expressions. If the content of the terminal (bottom-most line, > > potentially including the prior line) matches a regex, then a defined > > action is triggered. This might come in handy for a number a usecases. > > What I am thinking about primarily though is retrieval of secrets from > > the respective store. > > Sure, that would be easy with an extension - and detecting tty modes (e.g. > echo) is certainly possible form an extension as well. > > > - You have a 'special' urxvt session lingering in a corner somewhere for > > the sole purpose of retrieving secrets from pass (or similar > > software). Why? to benefit from a potentially warm cache. After all > > you have to authenticate against the secrets store. If the credentials > > cache for it is warm, then retrieval is low effort. > > I'm not sure I understaned that, why retrieve secrets in a different > termnal than where you need to use it?
Two reasons. - If you relatively frequently retrieve secrets and do that all from the same terminal/shell session, then chances are good you find a warm authentication cache and don't have to authenticate against your secrets store. - In other windows you might be ssh-ed into another host where your secrets-store isn't available. For these reasons I have picked up the workflow of having a terminal window/shell session just for running pass. > > > - It's imaginable that something like that is implemented, but it would > > be unduely expensive in terms of cpu load for every character that is > > written into the terminal or so/ > > I can't imagine anything like this is alraedy implemented,m but what would > I know. > > I don't think it would be unduly expensive - in fact, if you imagine a > strategy where, when tty output is received, a timer is started to check > every second or so, and if nothing changed, would install a handler for > tty output, then, when there is a lot of output, it would only check once > per second, and if there is no outpt,. it could sleep, resulting in very > little cpu usage, and none when idle. > > > - Could be done but there is a security concern > > Well, of course, this means any program could retrieve your secrets in > a mostly automated fashion, and storing secrets such as passwords in a > clipboard is a relatively big security concern, as they can survive for a > very long time unprotected. Yes, that's understood. Though, if a program you are running in your shell is trying to do nasty things like retrieving secrets from pass, you already lost. As a side-note, pass ensures that secrets are wiped from the clipboard after a defined time-frame. Thanks for your answers. Not sure I find the time to look into an implementation of this, would be fun though. If any lurkers are looking for stuff to do, speak up, by all means! -Alex _______________________________________________ rxvt-unicode mailing list rxvt-unicode@lists.schmorp.de http://lists.schmorp.de/mailman/listinfo/rxvt-unicode
