From 7fcdebd3060d3ff2f7f5e366f3a7167beb4da9ba Mon Sep 17 00:00:00 2001 From: simon Date: Sat, 12 Apr 2003 08:59:06 +0000 Subject: [PATCH] Disable window title reporting by default, since it's a security hazard. I considered removing it completely, but I can't rule out the possibility of an OS that actually takes security of its terminal devices seriously, and which might be able to make sensible and safe use of this feature. git-svn-id: svn://svn.tartarus.org/sgt/putty@3103 cda61777-01e9-0310-a592-d414129be87e --- config.c | 3 +++ doc/config.but | 22 +++++++++++++++++++++- putty.h | 1 + settings.c | 2 ++ terminal.c | 6 ++++-- winhelp.h | 1 + 6 files changed, 32 insertions(+), 3 deletions(-) diff --git a/config.c b/config.c index e8b7c579..58881ca3 100644 --- a/config.c +++ b/config.c @@ -1014,6 +1014,9 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist, HELPCTX(features_retitle), dlg_stdcheckbox_handler, I(offsetof(Config,no_remote_wintitle))); + ctrl_checkbox(s, "Disable remote window title querying (SECURITY)", + 'q', HELPCTX(features_qtitle), dlg_stdcheckbox_handler, + I(offsetof(Config,no_remote_qtitle))); ctrl_checkbox(s, "Disable destructive backspace on server sending ^?",'b', HELPCTX(features_dbackspace), dlg_stdcheckbox_handler, I(offsetof(Config,no_dbackspace))); diff --git a/doc/config.but b/doc/config.but index 300b9efd..fa70a09b 100644 --- a/doc/config.but +++ b/doc/config.but @@ -1,4 +1,4 @@ -\versionid $Id: config.but,v 1.61 2003/04/11 17:39:48 simon Exp $ +\versionid $Id: config.but,v 1.62 2003/04/12 08:59:06 simon Exp $ \C{config} Configuring PuTTY @@ -776,6 +776,26 @@ commands from the server. If you find PuTTY is doing this unexpectedly or inconveniently, you can tell PuTTY not to respond to those server commands. +\S{config-features-qtitle} Disabling remote window title querying + +\cfg{winhelp-topic}{features.qtitle} + +PuTTY can optionally provide the xterm service of allowing server +applications to find out the local window title. This feature is +disabled by default, but you can turn it on if you really want it. + +NOTE that this feature is a \e{potential security hazard}. If a +malicious application can write data to your terminal (for example, +if you merely \c{cat} a file owned by someone else on the server +machine), it can change your window title (unless you have disabled +this as mentioned in \k{config-features-retitle}) and then use this +service to have the new window title sent back to the server as if +typed at the keyboard. This allows an attacker to fake keypresses +and potentially cause your server-side applications to do things you +didn't want. Therefore this feature is disabled by default, and we +recommend you do not turn it on unless you \e{really} know what you +are doing. + \S{config-features-dbackspace} Disabling destructive backspace \cfg{winhelp-topic}{features.dbackspace} diff --git a/putty.h b/putty.h index a35bbc3e..96447bc2 100644 --- a/putty.h +++ b/putty.h @@ -378,6 +378,7 @@ struct config_tag { int no_remote_wintitle; /* disable remote retitling */ int no_dbackspace; /* disable destructive backspace */ int no_remote_charset; /* disable remote charset config */ + int no_remote_qtitle; /* disable remote win title query */ int app_cursor; int app_keypad; int nethack_keypad; diff --git a/settings.c b/settings.c index 1de8e51a..1152926c 100644 --- a/settings.c +++ b/settings.c @@ -240,6 +240,7 @@ void save_open_settings(void *sesskey, int do_host, Config *cfg) write_setting_i(sesskey, "NoRemoteResize", cfg->no_remote_resize); write_setting_i(sesskey, "NoAltScreen", cfg->no_alt_screen); write_setting_i(sesskey, "NoRemoteWinTitle", cfg->no_remote_wintitle); + write_setting_i(sesskey, "NoRemoteQTitle", cfg->no_remote_qtitle); write_setting_i(sesskey, "NoDBackspace", cfg->no_dbackspace); write_setting_i(sesskey, "NoRemoteCharset", cfg->no_remote_charset); write_setting_i(sesskey, "ApplicationCursorKeys", cfg->app_cursor); @@ -472,6 +473,7 @@ void load_open_settings(void *sesskey, int do_host, Config *cfg) gppi(sesskey, "NoRemoteResize", 0, &cfg->no_remote_resize); gppi(sesskey, "NoAltScreen", 0, &cfg->no_alt_screen); gppi(sesskey, "NoRemoteWinTitle", 0, &cfg->no_remote_wintitle); + gppi(sesskey, "NoRemoteQTitle", 1, &cfg->no_remote_qtitle); gppi(sesskey, "NoDBackspace", 0, &cfg->no_dbackspace); gppi(sesskey, "NoRemoteCharset", 0, &cfg->no_remote_charset); gppi(sesskey, "ApplicationCursorKeys", 0, &cfg->app_cursor); diff --git a/terminal.c b/terminal.c index bcf202e5..aecef639 100644 --- a/terminal.c +++ b/terminal.c @@ -2604,7 +2604,8 @@ void term_out(Terminal *term) */ break; case 20: - if (term->ldisc) { + if (term->ldisc && + !term->cfg.no_remote_qtitle) { p = get_window_title(term->frontend, TRUE); len = strlen(p); ldisc_send(term->ldisc, "\033]L", 3, 0); @@ -2613,7 +2614,8 @@ void term_out(Terminal *term) } break; case 21: - if (term->ldisc) { + if (term->ldisc && + !term->cfg.no_remote_qtitle) { p = get_window_title(term->frontend,FALSE); len = strlen(p); ldisc_send(term->ldisc, "\033]l", 3, 0); diff --git a/winhelp.h b/winhelp.h index d17db6b4..e767aabc 100644 --- a/winhelp.h +++ b/winhelp.h @@ -26,6 +26,7 @@ #define WINHELP_CTX_features_resize "features.resize" #define WINHELP_CTX_features_altscreen "features.altscreen" #define WINHELP_CTX_features_retitle "features.retitle" +#define WINHELP_CTX_features_qtitle "features.qtitle" #define WINHELP_CTX_features_dbackspace "features.dbackspace" #define WINHELP_CTX_features_charset "features.charset" #define WINHELP_CTX_terminal_autowrap "terminal.autowrap" -- 2.11.0