Disable window title reporting by default, since it's a security
hazard. I considered removing it completely, but I can't rule out the possibility of an OS that actually takes security of its terminal devices seriously, and which might be able to make sensible and safe use of this feature. [originally from svn r3103]
parent
bc4e41154a
commit
4b6ffd99f1
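--- a/config.c
+++ b/config.c
@@ -1014,6 +1014,9 @@ void setup_config_box(struct controlbox *b, struct sesslist *sesslist,
 HELPCTX(features_retitle),
 dlg_stdcheckbox_handler,
 I(offsetof(Config,no_remote_wintitle)));
+ctrl_checkbox(s, "Disable remote window title querying (SECURITY)",
+'q', HELPCTX(features_qtitle), dlg_stdcheckbox_handler,
+I(offsetof(Config,no_remote_qtitle)));
 ctrl_checkbox(s, "Disable destructive backspace on server sending ^?",'b',
 HELPCTX(features_dbackspace),
 dlg_stdcheckbox_handler, I(offsetof(Config,no_dbackspace)));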
@ -1,4 +1,4 @@
|
|||||||
\versionid $Id: config.but,v 1.61 2003/04/11 17:39:48 simon Exp $
|
\versionid $Id: config.but,v 1.62 2003/04/12 08:59:06 simon Exp $
|
||||||
|
|
||||||
\C{config} Configuring PuTTY
|
\C{config} Configuring PuTTY
|
||||||
|
|
||||||
@ -776,6 +776,26 @@ commands from the server. If you find PuTTY is doing this
|
|||||||
unexpectedly or inconveniently, you can tell PuTTY not to respond to
|
unexpectedly or inconveniently, you can tell PuTTY not to respond to
|
||||||
those server commands.
|
those server commands.
|
||||||
|
|
||||||
|
\S{config-features-qtitle} Disabling remote window title querying
|
||||||
|
|
||||||
|
\cfg{winhelp-topic}{features.qtitle}
|
||||||
|
|
||||||
|
PuTTY can optionally provide the xterm service of allowing server
|
||||||
|
applications to find out the local window title. This feature is
|
||||||
|
disabled by default, but you can turn it on if you really want it.
|
||||||
|
|
||||||
|
NOTE that this feature is a \e{potential security hazard}. If a
|
||||||
|
malicious application can write data to your terminal (for example,
|
||||||
|
if you merely \c{cat} a file owned by someone else on the server
|
||||||
|
machine), it can change your window title (unless you have disabled
|
||||||
|
this as mentioned in \k{config-features-retitle}) and then use this
|
||||||
|
service to have the new window title sent back to the server as if
|
||||||
|
typed at the keyboard. This allows an attacker to fake keypresses
|
||||||
|
and potentially cause your server-side applications to do things you
|
||||||
|
didn't want. Therefore this feature is disabled by default, and we
|
||||||
|
recommend you do not turn it on unless you \e{really} know what you
|
||||||
|
are doing.
|
||||||
|
|
||||||
\S{config-features-dbackspace} Disabling destructive backspace
|
\S{config-features-dbackspace} Disabling destructive backspace
|
||||||
|
|
||||||
\cfg{winhelp-topic}{features.dbackspace}
|
\cfg{winhelp-topic}{features.dbackspace}
|
||||||
|
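--- a/putty.h
+++ b/putty.h
@@ -378,6 +378,7 @@ struct config_tag {
 int no_remote_wintitle; /* disable remote retitling */
 int no_dbackspace; /* disable destructive backspace */
 int no_remote_charset; /* disable remote charset config */
+int no_remote_qtitle; /* disable remote win title query */
 int app_cursor;
 int app_keypad;
 int nethack_keypad;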
@ -240,6 +240,7 @@ void save_open_settings(void *sesskey, int do_host, Config *cfg)
|
|||||||
write_setting_i(sesskey, "NoRemoteResize", cfg->no_remote_resize);
|
write_setting_i(sesskey, "NoRemoteResize", cfg->no_remote_resize);
|
||||||
write_setting_i(sesskey, "NoAltScreen", cfg->no_alt_screen);
|
write_setting_i(sesskey, "NoAltScreen", cfg->no_alt_screen);
|
||||||
write_setting_i(sesskey, "NoRemoteWinTitle", cfg->no_remote_wintitle);
|
write_setting_i(sesskey, "NoRemoteWinTitle", cfg->no_remote_wintitle);
|
||||||
|
write_setting_i(sesskey, "NoRemoteQTitle", cfg->no_remote_qtitle);
|
||||||
write_setting_i(sesskey, "NoDBackspace", cfg->no_dbackspace);
|
write_setting_i(sesskey, "NoDBackspace", cfg->no_dbackspace);
|
||||||
write_setting_i(sesskey, "NoRemoteCharset", cfg->no_remote_charset);
|
write_setting_i(sesskey, "NoRemoteCharset", cfg->no_remote_charset);
|
||||||
write_setting_i(sesskey, "ApplicationCursorKeys", cfg->app_cursor);
|
write_setting_i(sesskey, "ApplicationCursorKeys", cfg->app_cursor);
|
||||||
@ -472,6 +473,7 @@ void load_open_settings(void *sesskey, int do_host, Config *cfg)
|
|||||||
gppi(sesskey, "NoRemoteResize", 0, &cfg->no_remote_resize);
|
gppi(sesskey, "NoRemoteResize", 0, &cfg->no_remote_resize);
|
||||||
gppi(sesskey, "NoAltScreen", 0, &cfg->no_alt_screen);
|
gppi(sesskey, "NoAltScreen", 0, &cfg->no_alt_screen);
|
||||||
gppi(sesskey, "NoRemoteWinTitle", 0, &cfg->no_remote_wintitle);
|
gppi(sesskey, "NoRemoteWinTitle", 0, &cfg->no_remote_wintitle);
|
||||||
|
gppi(sesskey, "NoRemoteQTitle", 1, &cfg->no_remote_qtitle);
|
||||||
gppi(sesskey, "NoDBackspace", 0, &cfg->no_dbackspace);
|
gppi(sesskey, "NoDBackspace", 0, &cfg->no_dbackspace);
|
||||||
gppi(sesskey, "NoRemoteCharset", 0, &cfg->no_remote_charset);
|
gppi(sesskey, "NoRemoteCharset", 0, &cfg->no_remote_charset);
|
||||||
gppi(sesskey, "ApplicationCursorKeys", 0, &cfg->app_cursor);
|
gppi(sesskey, "ApplicationCursorKeys", 0, &cfg->app_cursor);
|
||||||
|
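Review bot: The `1` passed as the default for `"NoRemoteQTitle"` in `load_open_settings` is the only non-zero default among the neighbouring `gppi` calls, and nothing on the line says it is deliberate. I would add a comment above it, e.g. `/* default 1: title reporting can echo remote-set text back as input */`, so a later cleanup does not reset it to 0 and silently re-enable the feature for sessions saved without this key. It may also be worth confirming that any Config populated without going through `load_open_settings` (not visible here) ends up with the same safe value. Both `save_open_settings` and `load_open_settings` continue outside the hunks shown.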
@ -2604,7 +2604,8 @@ void term_out(Terminal *term)
|
|||||||
*/
|
*/
|
||||||
break;
|
break;
|
||||||
case 20:
|
case 20:
|
||||||
if (term->ldisc) {
|
if (term->ldisc &&
|
||||||
|
!term->cfg.no_remote_qtitle) {
|
||||||
p = get_window_title(term->frontend, TRUE);
|
p = get_window_title(term->frontend, TRUE);
|
||||||
len = strlen(p);
|
len = strlen(p);
|
||||||
ldisc_send(term->ldisc, "\033]L", 3, 0);
|
ldisc_send(term->ldisc, "\033]L", 3, 0);
|
||||||
@ -2613,7 +2614,8 @@ void term_out(Terminal *term)
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 21:
|
case 21:
|
||||||
if (term->ldisc) {
|
if (term->ldisc &&
|
||||||
|
!term->cfg.no_remote_qtitle) {
|
||||||
p = get_window_title(term->frontend,FALSE);
|
p = get_window_title(term->frontend,FALSE);
|
||||||
len = strlen(p);
|
len = strlen(p);
|
||||||
ldisc_send(term->ldisc, "\033]l", 3, 0);
|
ldisc_send(term->ldisc, "\033]l", 3, 0);
|
||||||
|
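Review bot: With the option at its new default, `case 20` and `case 21` now send nothing at all, so a server application that issued the title query and waits for the reply gets no answer and may stall until it times out. Consider replying with an empty title when `term->cfg.no_remote_qtitle` is set: still emit the `"\033]L"` / `"\033]l"` prefix and the terminator, but with zero title bytes, which keeps the exchange well-formed without echoing text the remote side may have set. When reporting is enabled, `p` still reaches `ldisc_send` unfiltered, so a comment such as `/* title may have been set by remote output; it is returned as if typed */` above both guards would record why the check exists. The enclosing `term_out` starts and ends outside these hunks, and the code that sends the title and terminator is not visible here.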
@ -26,6 +26,7 @@
|
|||||||
#define WINHELP_CTX_features_resize "features.resize"
|
#define WINHELP_CTX_features_resize "features.resize"
|
||||||
#define WINHELP_CTX_features_altscreen "features.altscreen"
|
#define WINHELP_CTX_features_altscreen "features.altscreen"
|
||||||
#define WINHELP_CTX_features_retitle "features.retitle"
|
#define WINHELP_CTX_features_retitle "features.retitle"
|
||||||
|
#define WINHELP_CTX_features_qtitle "features.qtitle"
|
||||||
#define WINHELP_CTX_features_dbackspace "features.dbackspace"
|
#define WINHELP_CTX_features_dbackspace "features.dbackspace"
|
||||||
#define WINHELP_CTX_features_charset "features.charset"
|
#define WINHELP_CTX_features_charset "features.charset"
|
||||||
#define WINHELP_CTX_terminal_autowrap "terminal.autowrap"
|
#define WINHELP_CTX_terminal_autowrap "terminal.autowrap"
|
||||||
|