From 4b6ffd99f1b22dde0e95fe5a6b63ed7f16584ee5 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sat, 12 Apr 2003 08:59:06 +0000 Subject: [PATCH] Disable window title reporting by default, since it's a security hazard. I considered removing it completely, but I can't rule out the possibility of an OS that actually takes security of its terminal devices seriously, and which might be able to make sensible and safe use of this feature. [originally from svn r3103] --- config.c | 3 +++ doc/config.but | 22 +++++++++++++++++++++- putty.h | 1 + settings.c | 2 ++ terminal.c | 6 ++++-- winhelp.h | 1 + 6 files changed, 32 insertions(+), 3 deletions(-) diff --git a/config.c b/config.c index e8b7c579..58881ca3 100644 --- a/config.c +++ b/config.c @@ -1014,6 +1014,9 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist, HELPCTX(features_retitle), dlg_stdcheckbox_handler, I(offsetof(Config,no_remote_wintitle))); + ctrl_checkbox(s, "Disable remote window title querying (SECURITY)", + 'q', HELPCTX(features_qtitle), dlg_stdcheckbox_handler, + I(offsetof(Config,no_remote_qtitle))); ctrl_checkbox(s, "Disable destructive backspace on server sending ^?",'b', HELPCTX(features_dbackspace), dlg_stdcheckbox_handler, I(offsetof(Config,no_dbackspace))); diff --git a/doc/config.but b/doc/config.but index 300b9efd..fa70a09b 100644 --- a/doc/config.but +++ b/doc/config.but @@ -1,4 +1,4 @@ -\versionid $Id: config.but,v 1.61 2003/04/11 17:39:48 simon Exp $ +\versionid $Id: config.but,v 1.62 2003/04/12 08:59:06 simon Exp $ \C{config} Configuring PuTTY @@ -776,6 +776,26 @@ commands from the server. If you find PuTTY is doing this unexpectedly or inconveniently, you can tell PuTTY not to respond to those server commands. +\S{config-features-qtitle} Disabling remote window title querying + +\cfg{winhelp-topic}{features.qtitle} + +PuTTY can optionally provide the xterm service of allowing server +applications to find out the local window title. This feature is +disabled by default, but you can turn it on if you really want it. + +NOTE that this feature is a \e{potential security hazard}. If a +malicious application can write data to your terminal (for example, +if you merely \c{cat} a file owned by someone else on the server +machine), it can change your window title (unless you have disabled +this as mentioned in \k{config-features-retitle}) and then use this +service to have the new window title sent back to the server as if +typed at the keyboard. This allows an attacker to fake keypresses +and potentially cause your server-side applications to do things you +didn't want. Therefore this feature is disabled by default, and we +recommend you do not turn it on unless you \e{really} know what you +are doing. + \S{config-features-dbackspace} Disabling destructive backspace \cfg{winhelp-topic}{features.dbackspace} diff --git a/putty.h b/putty.h index a35bbc3e..96447bc2 100644 --- a/putty.h +++ b/putty.h @@ -378,6 +378,7 @@ struct config_tag { int no_remote_wintitle; /* disable remote retitling */ int no_dbackspace; /* disable destructive backspace */ int no_remote_charset; /* disable remote charset config */ + int no_remote_qtitle; /* disable remote win title query */ int app_cursor; int app_keypad; int nethack_keypad; diff --git a/settings.c b/settings.c index 1de8e51a..1152926c 100644 --- a/settings.c +++ b/settings.c @@ -240,6 +240,7 @@ void save_open_settings(void *sesskey, int do_host, Config *cfg) write_setting_i(sesskey, "NoRemoteResize", cfg->no_remote_resize); write_setting_i(sesskey, "NoAltScreen", cfg->no_alt_screen); write_setting_i(sesskey, "NoRemoteWinTitle", cfg->no_remote_wintitle); + write_setting_i(sesskey, "NoRemoteQTitle", cfg->no_remote_qtitle); write_setting_i(sesskey, "NoDBackspace", cfg->no_dbackspace); write_setting_i(sesskey, "NoRemoteCharset", cfg->no_remote_charset); write_setting_i(sesskey, "ApplicationCursorKeys", cfg->app_cursor); @@ -472,6 +473,7 @@ void load_open_settings(void *sesskey, int do_host, Config *cfg) gppi(sesskey, "NoRemoteResize", 0, &cfg->no_remote_resize); gppi(sesskey, "NoAltScreen", 0, &cfg->no_alt_screen); gppi(sesskey, "NoRemoteWinTitle", 0, &cfg->no_remote_wintitle); + gppi(sesskey, "NoRemoteQTitle", 1, &cfg->no_remote_qtitle); gppi(sesskey, "NoDBackspace", 0, &cfg->no_dbackspace); gppi(sesskey, "NoRemoteCharset", 0, &cfg->no_remote_charset); gppi(sesskey, "ApplicationCursorKeys", 0, &cfg->app_cursor); diff --git a/terminal.c b/terminal.c index bcf202e5..aecef639 100644 --- a/terminal.c +++ b/terminal.c @@ -2604,7 +2604,8 @@ void term_out(Terminal *term) */ break; case 20: - if (term->ldisc) { + if (term->ldisc && + !term->cfg.no_remote_qtitle) { p = get_window_title(term->frontend, TRUE); len = strlen(p); ldisc_send(term->ldisc, "\033]L", 3, 0); @@ -2613,7 +2614,8 @@ void term_out(Terminal *term) } break; case 21: - if (term->ldisc) { + if (term->ldisc && + !term->cfg.no_remote_qtitle) { p = get_window_title(term->frontend,FALSE); len = strlen(p); ldisc_send(term->ldisc, "\033]l", 3, 0); diff --git a/winhelp.h b/winhelp.h index d17db6b4..e767aabc 100644 --- a/winhelp.h +++ b/winhelp.h @@ -26,6 +26,7 @@ #define WINHELP_CTX_features_resize "features.resize" #define WINHELP_CTX_features_altscreen "features.altscreen" #define WINHELP_CTX_features_retitle "features.retitle" +#define WINHELP_CTX_features_qtitle "features.qtitle" #define WINHELP_CTX_features_dbackspace "features.dbackspace" #define WINHELP_CTX_features_charset "features.charset" #define WINHELP_CTX_terminal_autowrap "terminal.autowrap" -- 2.45.2