emacs-orgmode

Re: Thoughts on the standardization of Org


From: Maxim Nikulin
Subject: Re: Thoughts on the standardization of Org
Date: Thu, 12 Nov 2020 00:10:05 +0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

2020-11-11 Jean Louis wrote:
* Maxim Nikulin [2020-11-10 19:31]:
2020-11-10 Greg Minshall wrote:

i would guess
using 'cat -v' to read e-mail is 100% safe.  even throwing in
uudecode(1), or whatever is needed to decode base64, (and then piping
through 'cat -v', of course), it's probably still safe.

Please, check that you have at least updated tmux before applying such
"safe" handler: https://www.openwall.com/lists/oss-security/2020/11/05/3 The
news is too recent to not mention the link in such context.

The sour story is that it is unsafe to feed non-trusted files directly to
a terminal. A filter against control sequences is required.

Is there any way to disable control sequences? Then cat can be aliased.

We were kidding.

You do not need a terminal if you do not need control sequences. They play the role of an interface that allows line (or full screen) editing, which is why control sequences are the essence of terminals. I suppose you would get tired almost immediately having to type everything strictly sequentially without the ability to remove even the last character. Some terminals allow disabling particular features, e.g. setting of the title in xterm. But there are still a lot of rather basic capabilities.

Likely pasting a command from a web page is a more real threat. E.g. zsh could be more restrictive than bash when copying a piece of text into a terminal. If you have to work in non-trusted environments, some general recommendations (e.g. keep your system up to date) and isolation techniques (virtual machines or at least separate system users) could be applied.

My point was that MIME handlers have to be carefully chosen. Even well known applications could have special options. And sorry, I somehow missed the "-v" option of cat in Greg's message. It is exactly the case of a tool that everyone knows and a significantly rarer option.
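
An added example, not part of the original message: a minimal filter of the kind discussed above, which makes control characters visible in the notation of 'cat -v' instead of passing them to the terminal. Unlike 'cat -v' it keeps valid UTF-8 text readable; the function names, the <U+009B> rendering of C1 controls and the sample bytes are constructed for illustration.

```python
import sys
import unicodedata


def caret(code: int) -> str:
    """Caret notation as printed by cat -v: 0x1b -> ^[, 0x07 -> ^G, 0x7f -> ^?."""
    return "^" + chr(code ^ 0x40)


def neutralize(data: bytes) -> str:
    """Return text that is safe to print: no raw control characters remain."""
    out = []
    # surrogateescape keeps every invalid byte 0x80+n as the code point U+DC80+n
    for ch in data.decode("utf-8", errors="surrogateescape"):
        cp = ord(ch)
        if ch in "\n\t":                      # cat -v leaves LF and TAB alone
            out.append(ch)
        elif cp < 0x20 or cp == 0x7F:         # C0 controls and DEL (ESC, BEL, CR, ...)
            out.append(caret(cp))
        elif 0xDC80 <= cp <= 0xDCFF:          # byte that was not valid UTF-8
            low = cp - 0xDC80                 # low 7 bits, shown as M-x like cat -v
            out.append("M-" + (caret(low) if low < 0x20 or low == 0x7F else chr(low)))
        elif unicodedata.category(ch) == "Cc":
            out.append(f"<U+{cp:04X}>")       # C1 controls, e.g. U+009B (8-bit CSI)
        else:
            out.append(ch)
    return "".join(out)


# Constructed sample: an OSC title change, a CSI screen clear, valid UTF-8 text,
# a UTF-8 encoded C1 CSI and one stray high byte.
SAMPLE = (b"Subject: hi\n\x1b]0;spoofed title\x07\x1b[2J"
          b"text \xc3\xa9 \xc2\x9b31m \xff\n")

if __name__ == "__main__":
    # Filter stdin when piped, otherwise show the constructed sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.buffer.read()
    sys.stdout.write(neutralize(raw))
```

Whether the C1 range matters depends on the terminal and its settings, so the filter treats it as unsafe in every case.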



