If exploited, these flaws can allow attackers to gain unauthorized access to sensitive information or otherwise cause problems.
News recently broke that a vulnerability had been found in the xterm terminal emulator (already catalogued as CVE-2022-45063). The flaw allows shell commands to be executed when certain escape sequences are processed in the terminal.
The problem is reported to stem from an error in the handling of escape code 50, which is used to set or get font options. If the requested font does not exist, the operation returns the font name that was specified in the request.
The issue is in the OSC 50 sequence, which is used to configure and query the font. If the given font does not exist, it is not set, but a query will return the name that was set. Control characters cannot be included, but the response string can be terminated with ^G. This essentially gives us a primitive for echoing text back to the terminal and ending it with ^G.
Control characters cannot be inserted directly into the name, but the returned string can be terminated with the sequence "^G". In zsh, when vi-style line editing mode is active, this triggers a list-expansion operation, which can be used to execute commands without the Enter key being explicitly pressed.
In the simplest case, an attack only requires that the contents of a specially crafted file be displayed on screen, for example with the cat utility, or that a line be pasted from the clipboard.
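Because merely displaying a file is enough, untrusted files and logs can be checked for OSC 50 sequences before they reach a terminal. The following is an added example, not code from the original article or from the xterm project. It assumes the 7-bit ESC ] form of OSC, a BEL or ST terminator, and that an argument beginning with "?" is a query. The function names and sample data are constructed for illustration.

```python
import re

# OSC 50 (font set/query), 7-bit form only: ESC ] 50 ; <text> terminated by
# BEL (^G) or ST (ESC \). Unterminated sequences are deliberately not matched.
OSC50 = re.compile(rb"\x1b\]50;([^\x07\x1b]*)(?:\x07|\x1b\\)")


def find_osc50(data: bytes):
    """Return (offset, kind, argument) for every OSC 50 sequence in data."""
    hits = []
    for m in OSC50.finditer(data):
        arg = m.group(1)
        # Assumption of this example: a leading "?" marks a font query.
        kind = "query" if arg.startswith(b"?") else "set"
        hits.append((m.start(), kind, arg.decode("latin-1")))
    return hits


def is_suspicious(data: bytes) -> bool:
    """True when a font 'set' is later followed by a font 'query'.

    That pair is what makes the terminal send the requested font name
    back to the shell as if it had been typed.
    """
    kinds = [kind for _, kind, _ in find_osc50(data)]
    return "set" in kinds and "query" in kinds[kinds.index("set") + 1:]


def strip_osc50(data: bytes) -> bytes:
    """Remove OSC 50 sequences so they never reach the terminal."""
    return OSC50.sub(b"", data)


# Constructed sample: harmless placeholder font name, no shell syntax.
SAMPLE = b"build log line 1\n\x1b]50;PLACEHOLDER-FONT\x07\x1b]50;?\x07line 2\n"
# Constructed benign input: colour codes only, no OSC sequences.
BENIGN = b"\x1b[32mok\x1b[0m all tests passed\n"

if __name__ == "__main__":
    for offset, kind, arg in find_osc50(SAMPLE):
        print(f"offset {offset}: OSC 50 {kind} {arg!r}")
    print("suspicious:", is_suspicious(SAMPLE))
    print(strip_osc50(SAMPLE))
```
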
Debian, Red Hat and others disable font operations by default, but users can re-enable them through an options menu or the configuration. In addition, upstream xterm does not disable them by default, so some distributions ship a default configuration that leaves them enabled.
For the vulnerability to be exploited successfully, the user must be running the Zsh shell with the command line editor (vi-cmd-mode) switched to "vi" mode, which distributions do not normally enable by default.
Basically, we need:
zsh
active line editing mode in vi style
copy the trojan text to the clipboard
paste it into zsh
This can happen automatically; many sites modify text when it is copied to the clipboard. That is why I only use the selection buffer, which browsers do not access. Except in gtk3, and ff in particular, where they constantly break it for some reason; it is exhausting.
The problem also does not appear when xterm is configured with allowWindowOps=false or allowFontOps=false. For example, allowFontOps=false is set on OpenBSD, Debian, and RHEL, but it is not applied by default on Arch Linux.
According to the changelog and the statement of the researcher who identified the issue, the vulnerability was fixed in xterm version 375, but according to other sources the vulnerability still appears in Arch Linux's xterm 375.
This means that to exploit this vulnerability the user needs to be using Zsh in vi line editing mode (usually via $EDITOR having "vi" in it). While somewhat obscure, this is not a totally unknown configuration.
In that setup, something like:
printf "\e]50;i\$(touch /tmp/hack-like-its-1999)\a\e]50;?\a" > cve-2022-45063
cat cve-2022-45063 # or another way to deliver this to the victim
Finally, as always, users of affected systems are advised to keep their systems up to date. As you may know, once security vulnerabilities become known, developers have to fix them, because much of the detail about how they can be exploited is made public.
It is worth mentioning that font operations are not allowed in the default xterm settings of some Linux distributions, so not all distributions are affected by this problem. Those interested in following the release of fixes by distribution can do so on these pages: Debian, RHEL, Fedora, SUSE, Ubuntu, Arch Linux, OpenBSD, FreeBSD and NetBSD.
If you are interested in learning more about it, you can find the details at the following link.