HELPCTX(features_retitle),
dlg_stdcheckbox_handler,
I(offsetof(Config,no_remote_wintitle)));
+ ctrl_checkbox(s, "Disable remote window title querying (SECURITY)",
+ 'q', HELPCTX(features_qtitle), dlg_stdcheckbox_handler,
+ I(offsetof(Config,no_remote_qtitle)));
ctrl_checkbox(s, "Disable destructive backspace on server sending ^?",'b',
HELPCTX(features_dbackspace),
dlg_stdcheckbox_handler, I(offsetof(Config,no_dbackspace)));
-\versionid $Id: config.but,v 1.61 2003/04/11 17:39:48 simon Exp $
+\versionid $Id: config.but,v 1.62 2003/04/12 08:59:06 simon Exp $
\C{config} Configuring PuTTY
unexpectedly or inconveniently, you can tell PuTTY not to respond to
those server commands.
+\S{config-features-qtitle} Disabling remote window title querying
+
+\cfg{winhelp-topic}{features.qtitle}
+
+PuTTY can optionally provide the xterm service of allowing server
+applications to find out the local window title. This feature is
+disabled by default, but you can turn it on if you really want it.
+
+NOTE that this feature is a \e{potential security hazard}. If a
+malicious application can write data to your terminal (for example,
+if you merely \c{cat} a file owned by someone else on the server
+machine), it can change your window title (unless you have disabled
+this as mentioned in \k{config-features-retitle}) and then use this
+service to have the new window title sent back to the server as if
+typed at the keyboard. This allows an attacker to fake keypresses
+and potentially cause your server-side applications to do things you
+didn't want. Therefore this feature is disabled by default, and we
+recommend you do not turn it on unless you \e{really} know what you
+are doing.
+
\S{config-features-dbackspace} Disabling destructive backspace
\cfg{winhelp-topic}{features.dbackspace}
int no_remote_wintitle; /* disable remote retitling */
int no_dbackspace; /* disable destructive backspace */
int no_remote_charset; /* disable remote charset config */
+ int no_remote_qtitle; /* disable remote win title query */
int app_cursor;
int app_keypad;
int nethack_keypad;
write_setting_i(sesskey, "NoRemoteResize", cfg->no_remote_resize);
write_setting_i(sesskey, "NoAltScreen", cfg->no_alt_screen);
write_setting_i(sesskey, "NoRemoteWinTitle", cfg->no_remote_wintitle);
+ write_setting_i(sesskey, "NoRemoteQTitle", cfg->no_remote_qtitle);
write_setting_i(sesskey, "NoDBackspace", cfg->no_dbackspace);
write_setting_i(sesskey, "NoRemoteCharset", cfg->no_remote_charset);
write_setting_i(sesskey, "ApplicationCursorKeys", cfg->app_cursor);
gppi(sesskey, "NoRemoteResize", 0, &cfg->no_remote_resize);
gppi(sesskey, "NoAltScreen", 0, &cfg->no_alt_screen);
gppi(sesskey, "NoRemoteWinTitle", 0, &cfg->no_remote_wintitle);
+ gppi(sesskey, "NoRemoteQTitle", 1, &cfg->no_remote_qtitle);
gppi(sesskey, "NoDBackspace", 0, &cfg->no_dbackspace);
gppi(sesskey, "NoRemoteCharset", 0, &cfg->no_remote_charset);
gppi(sesskey, "ApplicationCursorKeys", 0, &cfg->app_cursor);
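Review bot: The default of 1 on the added `NoRemoteQTitle` line is the only non-zero default among the neighbouring `gppi` calls, and nothing at the call site says why. A later clean-up could plausibly normalise it to 0, which would turn title reporting back on for every session that has no stored value. I would put a comment directly above the line, for example `/* defaults to disabled: the reported title is fed back as keyboard input */`. The enclosing function starts and ends outside the hunk.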
*/
break;
case 20:
- if (term->ldisc) {
+ if (term->ldisc &&
+ !term->cfg.no_remote_qtitle) {
p = get_window_title(term->frontend, TRUE);
len = strlen(p);
ldisc_send(term->ldisc, "\033]L", 3, 0);
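Review bot: When the user has enabled the option, the reply in case 20 still appears to pass the title to `ldisc_send` byte for byte, and the same applies to case 21 in the next hunk. The line that sends `p` is outside the hunk, so this is inferred from `len = strlen(p)`. Since the title can be set by the server, dropping control bytes (below 0x20, and 0x7f) before sending would limit what an enabled query can feed back as typed input. The sketch below assumes a single-byte title encoding, which is not visible here.

```c
ldisc_send(term->ldisc, "\033]L", 3, 0);
/* Forward only printable bytes: the title can be set by the server. */
{
    int i;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)p[i];
        if (c >= 0x20 && c != 0x7f)
            ldisc_send(term->ldisc, p + i, 1, 0);
    }
}
/* … unchanged: reply terminator … */
```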
}
break;
case 21:
- if (term->ldisc) {
+ if (term->ldisc &&
+ !term->cfg.no_remote_qtitle) {
p = get_window_title(term->frontend,FALSE);
len = strlen(p);
ldisc_send(term->ldisc, "\033]l", 3, 0);
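Review bot: With the option at its default, the guarded branch for case 21 (and for case 20 in the previous hunk) sends no reply at all, so a server application that issues the query and waits for the report may block until it times out. Whether any application depends on a reply is not visible here. It may be worth answering with an empty title instead of nothing, i.e. sending the `\033]l` introducer and the terminator with no title bytes when `no_remote_qtitle` is set. The body of case 21 continues outside the hunk.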
#define WINHELP_CTX_features_resize "features.resize"
#define WINHELP_CTX_features_altscreen "features.altscreen"
#define WINHELP_CTX_features_retitle "features.retitle"
+#define WINHELP_CTX_features_qtitle "features.qtitle"
#define WINHELP_CTX_features_dbackspace "features.dbackspace"
#define WINHELP_CTX_features_charset "features.charset"
#define WINHELP_CTX_terminal_autowrap "terminal.autowrap"