WISH: support tex fonts
9.0
+ - improved security of setuid/setgid operation, which is now
+ encouraged, by moving privileged operations into a separate
+ process and permanently dropping privileges within the
+ terminal. This makes it possible to remove security checks from
+ the perl code and gives a much safer feeling when urxvt needs to
+ run with special privileges.
- implemented perl:selection:remote-pastebin command in perl/selection
- use the scrollback buffer even when the scroll region doesn't
span the whole screen, as long as it starts at row 0.
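Review bot: The new changelog entry says the security checks were removed from the perl code, but it does not say that the documented urxvt::safe function and the urxvt::untaint helper are removed by the same patch. Extensions outside this tree that call either one will die after the upgrade, so add a line here naming both as removed, or keep them as no-op stubs for one release.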
I need to make it setuid/setgid to support utmp/ptys on my OS, is this
safe?
- Likely not. While I honestly try to make it secure, and am probably
- not bad at it, I think it is simply unreasonable to expect all of
- freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode
- itself to all be secure. Also, rxvt-unicode disables some options
- when it detects that it runs setuid or setgid, which is not nice.
- Besides, with the embedded perl interpreter the possibility for
- security problems easily multiplies.
-
- Elevated privileges are only required for utmp and pty operations on
- some systems (for example, GNU/Linux doesn't need any extra
- privileges for ptys, but some need it for utmp support). It is
- planned to mvoe this into a forked handler process, but this is not
- yet done.
-
- So, while setuid/setgid operation is supported and not a problem on
- your typical single-user-no-other-logins unix desktop, always
- remember that its an awful lot of code, most of which isn't checked
- for security issues regularly.
+ It should be, starting with release 7.1. You are encouraged to
+ properly install urxvt with privileges necessary for your OS now.
+
+ When rxvt-unicode detects that it runs setuid or setgid, it will
+ fork into a helper process for privileged operations (pty handling
+ on some systems, utmp/wtmp/lastlog handling on others) and drop
+ privileges immediately. This is much safer than most other terminals
+ that keep privileges while running (but is more relevant to urxvt,
+ as it contains things as perl interpreters, which might be "helpful"
+ to attackers).
+
+ This forking is done as the very first within main(), which is very
+ early and reduces possible bugs to initialisation code run before
+ main(), or things like the dynamic loader of your system, which
+ should result in very little risk.
When I log-in to another system it tells me about missing terminfo data?
The terminal description used by rxvt-unicode is not as widely
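Review bot: In the second added paragraph, "drop privileges immediately" is weaker than what the Changes entry in this patch promises ("permanently dropping privileges within the terminal"). The property that makes a setuid/setgid install recommendable is that the terminal process cannot regain the privileges, which the seteuid/setegid save-and-restore code removed elsewhere in this patch did allow, so the FAQ should say "permanently" too. Since the answer now tells users to install urxvt with privileges, it should also state what happens when the fork or the drop fails.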
the favourite of the rxvt-unicode author, having used it for many
years.
- --enable-half-shadow (default: off)
- Make shadows on the scrollbar only half the normal width & height.
- only applicable to rxvt scrollbars.
-
--enable-ttygid (default: off)
Change tty device setting to group "tty" - only use this if your
system uses this type of security.
<dt><strong><a name="item_i_need_to_make_it_setuid_2fsetgid_to_support_utmp_">I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?</a></strong><br />
</dt>
<dd>
-Likely not. While I honestly try to make it secure, and am probably not
-bad at it, I think it is simply unreasonable to expect all of freetype
-+ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be
-secure. Also, rxvt-unicode disables some options when it detects that it
-runs setuid or setgid, which is not nice. Besides, with the embedded perl
-interpreter the possibility for security problems easily multiplies.
+It should be, starting with release 7.1. You are encouraged to properly
+install urxvt with privileges necessary for your OS now.
</dd>
<dd>
-<p>Elevated privileges are only required for utmp and pty operations on some
-systems (for example, GNU/Linux doesn't need any extra privileges for
-ptys, but some need it for utmp support). It is planned to mvoe this into
-a forked handler process, but this is not yet done.</p>
+<p>When rxvt-unicode detects that it runs setuid or setgid, it will fork
+into a helper process for privileged operations (pty handling on some
+systems, utmp/wtmp/lastlog handling on others) and drop privileges
+immediately. This is much safer than most other terminals that keep
+privileges while running (but is more relevant to urxvt, as it contains
+things as perl interpreters, which might be ``helpful'' to attackers).</p>
</dd>
<dd>
-<p>So, while setuid/setgid operation is supported and not a problem on your
-typical single-user-no-other-logins unix desktop, always remember that
-its an awful lot of code, most of which isn't checked for security issues
-regularly.</p>
+<p>This forking is done as the very first within main(), which is very early
+and reduces possible bugs to initialisation code run before main(), or
+things like the dynamic loader of your system, which should result in very
+little risk.</p>
</dd>
<p></p>
<dt><strong><a name="item_when_i_log_2din_to_another_system_it_tells_me_abou">When I log-in to another system it tells me about missing terminfo data?</a></strong><br />
many years.
</dd>
<p></p>
-<dt><strong><a name="item_shadow">--enable-half-shadow (default: off)</a></strong><br />
-</dt>
-<dd>
-Make shadows on the scrollbar only half the normal width & height.
-only applicable to rxvt scrollbars.
-</dd>
-<p></p>
<dt><strong><a name="item_ttygid">--enable-ttygid (default: off)</a></strong><br />
</dt>
<dd>
.\" ========================================================================
.\"
.IX Title "rxvt 7"
-.TH rxvt 7 "2006-01-16" "7.0" "RXVT-UNICODE"
+.TH rxvt 7 "2006-01-17" "7.1" "RXVT-UNICODE"
.SH "NAME"
RXVT REFERENCE \- FAQ, command sequences and other background information
.SH "SYNOPSIS"
encodings built-in that increase download times and are rarely used).
.IP "I need to make it setuid/setgid to support utmp/ptys on my \s-1OS\s0, is this safe?" 4
.IX Item "I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?"
-Likely not. While I honestly try to make it secure, and am probably not
-bad at it, I think it is simply unreasonable to expect all of freetype
-+ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be
-secure. Also, rxvt-unicode disables some options when it detects that it
-runs setuid or setgid, which is not nice. Besides, with the embedded perl
-interpreter the possibility for security problems easily multiplies.
-.Sp
-Elevated privileges are only required for utmp and pty operations on some
-systems (for example, GNU/Linux doesn't need any extra privileges for
-ptys, but some need it for utmp support). It is planned to mvoe this into
-a forked handler process, but this is not yet done.
-.Sp
-So, while setuid/setgid operation is supported and not a problem on your
-typical single-user-no-other-logins unix desktop, always remember that
-its an awful lot of code, most of which isn't checked for security issues
-regularly.
+It should be, starting with release 7.1. You are encouraged to properly
+install urxvt with privileges necessary for your \s-1OS\s0 now.
+.Sp
+When rxvt-unicode detects that it runs setuid or setgid, it will fork
+into a helper process for privileged operations (pty handling on some
+systems, utmp/wtmp/lastlog handling on others) and drop privileges
+immediately. This is much safer than most other terminals that keep
+privileges while running (but is more relevant to urxvt, as it contains
+things as perl interpreters, which might be \*(L"helpful\*(R" to attackers).
+.Sp
+This forking is done as the very first within \fImain()\fR, which is very early
+and reduces possible bugs to initialisation code run before \fImain()\fR, or
+things like the dynamic loader of your system, which should result in very
+little risk.
.IP "When I log-in to another system it tells me about missing terminfo data?" 4
.IX Item "When I log-in to another system it tells me about missing terminfo data?"
The terminal description used by rxvt-unicode is not as widely available
Add support for a very unobtrusive, plain-looking scrollbar that
is the favourite of the rxvt-unicode author, having used it for
many years.
-.IP "\-\-enable\-half\-shadow (default: off)" 4
-.IX Item "--enable-half-shadow (default: off)"
-Make shadows on the scrollbar only half the normal width & height.
-only applicable to rxvt scrollbars.
.IP "\-\-enable\-ttygid (default: off)" 4
.IX Item "--enable-ttygid (default: off)"
Change tty device setting to group \*(L"tty\*(R" \- only use this if
=item I need to make it setuid/setgid to support utmp/ptys on my OS, is this safe?
-Likely not. While I honestly try to make it secure, and am probably not
-bad at it, I think it is simply unreasonable to expect all of freetype
-+ fontconfig + xft + xlib + perl + ... + rxvt-unicode itself to all be
-secure. Also, rxvt-unicode disables some options when it detects that it
-runs setuid or setgid, which is not nice. Besides, with the embedded perl
-interpreter the possibility for security problems easily multiplies.
-
-Elevated privileges are only required for utmp and pty operations on some
-systems (for example, GNU/Linux doesn't need any extra privileges for
-ptys, but some need it for utmp support). It is planned to mvoe this into
-a forked handler process, but this is not yet done.
-
-So, while setuid/setgid operation is supported and not a problem on your
-typical single-user-no-other-logins unix desktop, always remember that
-its an awful lot of code, most of which isn't checked for security issues
-regularly.
+It should be, starting with release 7.1. You are encouraged to properly
+install urxvt with privileges necessary for your OS now.
+
+When rxvt-unicode detects that it runs setuid or setgid, it will fork
+into a helper process for privileged operations (pty handling on some
+systems, utmp/wtmp/lastlog handling on others) and drop privileges
+immediately. This is much safer than most other terminals that keep
+privileges while running (but is more relevant to urxvt, as it contains
+things as perl interpreters, which might be "helpful" to attackers).
+
+This forking is done as the very first within main(), which is very early
+and reduces possible bugs to initialisation code run before main(), or
+things like the dynamic loader of your system, which should result in very
+little risk.
=item When I log-in to another system it tells me about missing terminfo data?
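Review bot: Two wording problems in the added pod text: "This forking is done as the very first within main()" is missing a noun (suggest "as the very first thing within main()"), and "as it contains things as perl interpreters" should read "things such as perl interpreters". The same sentences appear in the HTML, man and plain-text copies of the FAQ in this patch, so correct them in every copy.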
I need to make it setuid/setgid to support utmp/ptys on my OS, is this
safe?
- Likely not. While I honestly try to make it secure, and am probably
- not bad at it, I think it is simply unreasonable to expect all of
- freetype + fontconfig + xft + xlib + perl + ... + rxvt-unicode
- itself to all be secure. Also, rxvt-unicode disables some options
- when it detects that it runs setuid or setgid, which is not nice.
- Besides, with the embedded perl interpreter the possibility for
- security problems easily multiplies.
-
- Elevated privileges are only required for utmp and pty operations on
- some systems (for example, GNU/Linux doesn't need any extra
- privileges for ptys, but some need it for utmp support). It is
- planned to mvoe this into a forked handler process, but this is not
- yet done.
-
- So, while setuid/setgid operation is supported and not a problem on
- your typical single-user-no-other-logins unix desktop, always
- remember that its an awful lot of code, most of which isn't checked
- for security issues regularly.
+ It should be, starting with release 7.1. You are encouraged to
+ properly install urxvt with privileges necessary for your OS now.
+
+ When rxvt-unicode detects that it runs setuid or setgid, it will
+ fork into a helper process for privileged operations (pty handling
+ on some systems, utmp/wtmp/lastlog handling on others) and drop
+ privileges immediately. This is much safer than most other terminals
+ that keep privileges while running (but is more relevant to urxvt,
+ as it contains things as perl interpreters, which might be "helpful"
+ to attackers).
+
+ This forking is done as the very first within main(), which is very
+ early and reduces possible bugs to initialisation code run before
+ main(), or things like the dynamic loader of your system, which
+ should result in very little risk.
When I log-in to another system it tells me about missing terminfo data?
The terminal description used by rxvt-unicode is not as widely
the favourite of the rxvt-unicode author, having used it for many
years.
- --enable-half-shadow (default: off)
- Make shadows on the scrollbar only half the normal width & height.
- only applicable to rxvt scrollbars.
-
--enable-ttygid (default: off)
Change tty device setting to group "tty" - only use this if your
system uses this type of security.
interesting uses, such as parsing a line from beginning to end.</p>
</dd>
<dd>
-<p>This extension also offers the following bindable keyboard command:</p>
+<p>This extension also offers following bindable keyboard commands:</p>
</dd>
<dl>
<dt><strong><a name="item_rot13">rot13</a></strong><br />
<pre>
URxvt.keysym.C-M-r: perl:selection:rot13</pre>
</dd>
+<p></p>
+<dt><strong><a name="item_remote_2dpastebin">remote-pastebin</a></strong><br />
+</dt>
+<dd>
+Upload the selection as textfile to a remote site.
+</dd>
+<dd>
+<pre>
+ URxvt.keysym.C-M-e: perl:selection:remote-pastebin</pre>
+</dd>
+<dd>
+<p>To set the command to upload the file set this resource:</p>
+</dd>
+<dd>
+<pre>
+ URxvt.selection-pastebin-cmd: rsync -apP % ruth:/var/www/www.ta-sa.org/files/txt/.</pre>
+</dd>
+<dd>
+<p>The % is the placeholder for the textfile. The name of the textfile is the hex encoded
+md5 sum of the selection.
+After an successful upload the selection will be replaced by the following url
+(the % is the placeholder for the filename):</p>
+</dd>
+<dd>
+<pre>
+ URxvt.selection-pastebin-url: <a href="http://www.ta-sa.org/files/txt/%">http://www.ta-sa.org/files/txt/%</a></pre>
+</dd>
<p></p></dl>
<dt><strong><a name="item_popup">option-popup (enabled by default)</a></strong><br />
</dt>
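Review bot: The added remote-pastebin documentation has three language slips: "offers following bindable keyboard commands" dropped the article ("offers the following"), "After an successful upload" should be "After a successful upload", and "textfile" is normally written "text file". Because this command sends the selection to another host, the text should also say explicitly that the rsync line and the ta-sa.org URL are examples to be replaced, and what is used when the two resources are unset.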
<p>Messages have a size limit of 1023 bytes currently.</p>
</dd>
<p></p>
-<dt><strong><a name="item__24is_safe__3d_urxvt_3a_3asafe">$is_safe = urxvt::safe</a></strong><br />
-</dt>
-<dd>
-Returns true when it is safe to do potentially unsafe things, such as
-evaluating perl code specified by the user. This is true when urxvt was
-started setuid or setgid.
-</dd>
-<p></p>
<dt><strong><a name="item__24time__3d_urxvt_3a_3anow">$time = urxvt::NOW</a></strong><br />
</dt>
<dd>
.\" ========================================================================
.\"
.IX Title "rxvt 3"
-.TH rxvt 3 "2006-01-16" "7.0" "RXVT-UNICODE"
+.TH rxvt 3 "2006-01-17" "7.1" "RXVT-UNICODE"
.SH "NAME"
@@RXVT_NAME@@perl \- rxvt\-unicode's embedded perl interpreter
.SH "SYNOPSIS"
You can look at the source of the selection extension to see more
interesting uses, such as parsing a line from beginning to end.
.Sp
-This extension also offers the following bindable keyboard command:
+This extension also offers following bindable keyboard commands:
.RS 4
.IP "rot13" 4
.IX Item "rot13"
.Vb 1
\& URxvt.keysym.C-M-r: perl:selection:rot13
.Ve
+.IP "remote-pastebin" 4
+.IX Item "remote-pastebin"
+Upload the selection as textfile to a remote site.
+.Sp
+.Vb 1
+\& URxvt.keysym.C-M-e: perl:selection:remote-pastebin
+.Ve
+.Sp
+To set the command to upload the file set this resource:
+.Sp
+.Vb 1
+\& URxvt.selection-pastebin-cmd: rsync -apP % ruth:/var/www/www.ta-sa.org/files/txt/.
+.Ve
+.Sp
+The % is the placeholder for the textfile. The name of the textfile is the hex encoded
+md5 sum of the selection.
+After an successful upload the selection will be replaced by the following url
+(the % is the placeholder for the filename):
+.Sp
+.Vb 1
+\& URxvt.selection-pastebin-url: http://www.ta-sa.org/files/txt/%
+.Ve
.RE
.RS 4
.RE
correct place, e.g. on stderr of the connecting urxvtc client.
.Sp
Messages have a size limit of 1023 bytes currently.
-.IP "$is_safe = urxvt::safe" 4
-.IX Item "$is_safe = urxvt::safe"
-Returns true when it is safe to do potentially unsafe things, such as
-evaluating perl code specified by the user. This is true when urxvt was
-started setuid or setgid.
.IP "$time = urxvt::NOW" 4
.IX Item "$time = urxvt::NOW"
Returns the \*(L"current time\*(R" (as per the event loop).
You can look at the source of the selection extension to see more
interesting uses, such as parsing a line from beginning to end.
- This extension also offers the following bindable keyboard command:
+ This extension also offers following bindable keyboard commands:
rot13
Rot-13 the selection when activated. Used via keyboard trigger:
URxvt.keysym.C-M-r: perl:selection:rot13
+ remote-pastebin
+ Upload the selection as textfile to a remote site.
+
+ URxvt.keysym.C-M-e: perl:selection:remote-pastebin
+
+ To set the command to upload the file set this resource:
+
+ URxvt.selection-pastebin-cmd: rsync -apP % ruth:/var/www/www.ta-sa.org/files/txt/.
+
+ The % is the placeholder for the textfile. The name of the
+ textfile is the hex encoded md5 sum of the selection. After an
+ successful upload the selection will be replaced by the
+ following url (the % is the placeholder for the filename):
+
+ URxvt.selection-pastebin-url: http://www.ta-sa.org/files/txt/%
+
option-popup (enabled by default)
Binds a popup menu to Ctrl-Button2 that lets you toggle (some)
options at runtime.
Messages have a size limit of 1023 bytes currently.
- $is_safe = urxvt::safe
- Returns true when it is safe to do potentially unsafe things, such
- as evaluating perl code specified by the user. This is true when
- urxvt was started setuid or setgid.
-
$time = urxvt::NOW
Returns the "current time" (as per the event loop).
# include <termios.h>
#endif
-#if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__)
-static uid_t saved_euid;
-static gid_t saved_egid;
-#endif
-
-bool
-rxvt_tainted ()
-{
-#if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__)
- return getuid () != saved_euid || getgid () != saved_egid;
-#else
- return false;
-#endif
-}
-
vector<rxvt_term *> rxvt_term::termlist;
static char curlocale[128], savelocale[128];
|| (rs[Rs_perl_ext_2] && *rs[Rs_perl_ext_2])
|| (rs[Rs_perl_eval] && *rs[Rs_perl_eval]))
{
-#if (defined(HAVE_SETEUID) || defined(HAVE_SETREUID)) && !defined(__CYGWIN32__)
- // ignore some perl-related arguments if some bozo installed us set[ug]id
- if (rxvt_tainted ())
- {
- if ((rs[Rs_perl_lib] && *rs[Rs_perl_lib])
- || (rs[Rs_perl_eval] && *rs[Rs_perl_eval]))
- {
- rxvt_warn ("running with elevated privileges: ignoring perl-lib and perl-eval.\n");
- rs[Rs_perl_lib] = 0;
- rs[Rs_perl_eval] = 0;
- }
- }
-#endif
rxvt_perl.init (this);
HOOK_INVOKE ((this, HOOK_INIT, DT_END));
}
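Review bot: With the rxvt_tainted () block removed, perl-lib and perl-eval are honoured unconditionally before rxvt_perl.init (this), so the only thing keeping user-supplied perl from running with elevated ids is that the privilege drop has already happened, and nothing in the lines shown here verifies that. Consider a cheap guard at this point that refuses to initialise perl when getuid () != geteuid () or getgid () != getegid (), so a later reordering of the startup code fails closed instead of silently removing the protection the deleted warning provided.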
rxvt_environ = environ;
- /*
- * Save and then give up any super-user privileges
- * If we need privileges in any area then we must specifically request it.
- * We should only need to be root in these cases:
- * 1. write utmp entries on some systems
- * 2. chown tty on some systems
- */
- rxvt_privileges (SAVE);
- rxvt_privileges (IGNORE);
-
signal (SIGHUP, SIG_IGN);
signal (SIGPIPE, SIG_IGN);
return p;
}
-/* ------------------------------------------------------------------------- *
- * PRIVILEGED OPERATIONS *
- * ------------------------------------------------------------------------- */
-/* take care of suid/sgid super-user (root) privileges */
-void
-rxvt_privileges (rxvt_privaction action)
-{
-#if ! defined(__CYGWIN32__)
-# if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID)
- /* setreuid () is the poor man's setuid (), seteuid () */
-# define seteuid(a) setreuid(-1, (a))
-# define setegid(a) setregid(-1, (a))
-# define HAVE_SETEUID
-# endif
-# ifdef HAVE_SETEUID
- switch (action)
- {
- case IGNORE:
- /*
- * change effective uid/gid - not real uid/gid - so we can switch
- * back to root later, as required
- */
- setegid (getgid ());
- seteuid (getuid ());
- break;
- case SAVE:
- saved_egid = getegid ();
- saved_euid = geteuid ();
- break;
- case RESTORE:
- setegid (saved_egid);
- seteuid (saved_euid);
- break;
- }
-# else
- switch (action)
- {
- case IGNORE:
- setgid (getgid ());
- setuid (getuid ());
- /* FALLTHROUGH */
- case SAVE:
- /* FALLTHROUGH */
- case RESTORE:
- break;
- }
-# endif
-#endif
-}
-
/*----------------------------------------------------------------------*/
/*
* window size/position calculcations for XSizeHint and other storage.
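Review bot: The removed rxvt_privileges () never checked the results of setegid (), seteuid (), setgid () or setuid (), so a failed drop went unnoticed; please make sure the code that replaces it (not part of this hunk) checks every return value and aborts on failure. The replacement should also keep the order used in the IGNORE case here, group id before user id, because once the user id has been given up the process may no longer be allowed to change its group.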
sub on_start {
my ($self) = @_;
- $self->{browser} = urxvt::untaint $self->x_resource ("urlLauncher") || "x-www-browser";
+ $self->{browser} = $self->x_resource ("urlLauncher") || "x-www-browser";
()
}
sub on_start {
my ($self) = @_;
- $pastebin_cmd =
- (urxvt::untaint $self->x_resource ("selection-pastebin-cmd"))
+ $pastebin_cmd = $self->x_resource ("selection-pastebin-cmd")
or "scp -p % ruth:/var/www/www.ta-sa.org/files/txt/";
- $pastebin_url =
- (urxvt::untaint $self->x_resource ("selection-pastebin-url"))
+ $pastebin_url = $self->x_resource ("selection-pastebin-url")
or "http://www.ta-sa.org/files/txt/";
();
}
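Review bot: Both new assignments in on_start use the low-precedence "or", which binds more loosely than "=", so "$pastebin_cmd = $self->x_resource (...) or "scp ..."" assigns only the resource value and the fallback string is never stored; use "||" as the urlLauncher line in this patch does, or parenthesise the right-hand side. While fixing that, note that the fallbacks disagree with the documentation added in this patch: the docs show "rsync -apP % ruth:/var/www/www.ta-sa.org/files/txt/." and a URL ending in "/%", while the code has "scp -p % ..." and a URL with no % placeholder. A built-in default that points at one particular host is also questionable for a command that uploads the selection; an error when the resource is unset would be safer.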
sub on_init {
my ($self) = @_;
- unless (urxvt::safe) {
- warn "running with elevated privileges, ignoring selection-autotransform patterns";
- return;
- }
-
- for (my $idx = 0; defined (my $res = urxvt::untaint $self->x_resource ("selection-autotransform.$idx")); $idx++) {
+ for (my $idx = 0; defined (my $res = $self->x_resource ("selection-autotransform.$idx")); $idx++) {
$res = $self->locale_decode ($res);
my $transform = eval "sub { $res }";
sub on_start {
my ($self) = @_;
- $self->{browser} = urxvt::untaint $self->x_resource ("urlLauncher") || "x-www-browser";
+ $self->{browser} = $self->x_resource ("urlLauncher") || "x-www-browser";
$self->grab_button (3, urxvt::ControlMask);
for ($text) {
$add_button->("rot13" => sub { y/A-Za-z/N-ZA-Mn-za-m/ });
-
- urxvt::safe
- and $add_button->("eval perl expression" => sub { no warnings; $_ = eval urxvt::untaint $_ });
+ $add_button->("eval perl expression" => sub { no warnings; $_ = eval $_ });
/^(\S+):(\d+):?$/
and $add_button->("vi-commands to load '$1'" => sub { s/^(\S+):(\d+):?$/\x1b:e $1\x0d:$2\x0d/ });
};
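Review bot: On the added "eval perl expression" line, "$_ = eval $_" assigns eval's result even when the selected text fails to compile or dies, so $_ becomes undef and the error in $@ is discarded along with the warnings. Now that the button is offered unconditionally, keep the original text on failure (assign only when $@ is empty) and report $@ to the user.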
void rxvt_init ();
-bool rxvt_tainted ();
#endif /* _RXVTLIB_H_ */
/////////////////////////////////////////////////////////////////////////////
-static SV *
-taint (SV *sv)
-{
- SvTAINT (sv);
- return sv;
-}
-
-static SV *
-taint_if (SV *sv, SV *src)
-{
- if (SvTAINTED (src))
- SvTAINT (sv);
-
- return sv;
-}
-
static wchar_t *
sv2wcs (SV *sv)
{
char *argv[] = {
"",
- "-T",
"-edo '" LIBDIR "/urxvt.pm' or ($@ and die $@) or exit 1",
};
perl = perl_alloc ();
perl_construct (perl);
- if (perl_parse (perl, xs_init, 3, argv, (char **)NULL)
+ if (perl_parse (perl, xs_init, 2, argv, (char **)NULL)
|| perl_run (perl))
{
rxvt_warn ("unable to initialize perl-interpreter, continuing without.\n");
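Review bot: The argument count passed to perl_parse () is a hard-coded literal that had to be changed from 3 to 2 by hand when "-T" was dropped from argv; derive it from the array instead (sizeof (argv) / sizeof (argv[0])) so the two cannot drift apart. Removing "-T" also turns perl taint checking off for every run, including non-privileged ones, which is worth stating in the Changes entry.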
break;
case DT_STR:
- XPUSHs (taint (sv_2mortal (newSVpv (va_arg (ap, char *), 0))));
+ XPUSHs (sv_2mortal (newSVpv (va_arg (ap, char *), 0)));
break;
case DT_STR_LEN:
char *str = va_arg (ap, char *);
int len = va_arg (ap, int);
- XPUSHs (taint (sv_2mortal (newSVpvn (str, len))));
+ XPUSHs (sv_2mortal (newSVpvn (str, len)));
}
break;
wchar_t *wstr = va_arg (ap, wchar_t *);
int wlen = va_arg (ap, int);
- XPUSHs (taint (sv_2mortal (wcs2sv (wstr, wlen))));
+ XPUSHs (sv_2mortal (wcs2sv (wstr, wlen)));
}
break;
CODE:
rxvt_fatal ("%s", msg);
-SV *
-untaint (SV *sv)
- CODE:
- RETVAL = newSVsv (sv);
- SvTAINTED_off (RETVAL);
- OUTPUT:
- RETVAL
-
void
_exit (int status)
-bool
-safe ()
- CODE:
- RETVAL = !rxvt_tainted ();
- OUTPUT:
- RETVAL
-
NV
NOW ()
CODE:
free (wstr);
- RETVAL = taint_if (newSVpv (mbstr, 0), str);
+ RETVAL = newSVpv (mbstr, 0);
free (mbstr);
}
OUTPUT:
wchar_t *wstr = rxvt_mbstowcs (data, len);
rxvt_pop_locale ();
- RETVAL = taint_if (wcs2sv (wstr), octets);
+ RETVAL = wcs2sv (wstr);
free (wstr);
}
OUTPUT:
for (int col = 0; col < THIS->ncol; col++)
wstr [col] = l.t [col];
- XPUSHs (taint (sv_2mortal (wcs2sv (wstr, THIS->ncol))));
+ XPUSHs (sv_2mortal (wcs2sv (wstr, THIS->ncol)));
delete [] wstr;
}
rxvt_pop_locale ();
- RETVAL = taint_if (wcs2sv (rstr, r - rstr), string);
+ RETVAL = wcs2sv (rstr, r - rstr);
delete [] rstr;
}
else
*r++ = *s;
- RETVAL = taint_if (wcs2sv (rstr, r - rstr), text);
+ RETVAL = wcs2sv (rstr, r - rstr);
delete [] rstr;
}
croak ("requested out-of-bound resource %s+%d,", name, index - rs->value);
if (GIMME_V != G_VOID)
- XPUSHs (THIS->rs [index] ? sv_2mortal (taint (newSVpv (THIS->rs [index], 0))) : &PL_sv_undef);
+ XPUSHs (THIS->rs [index] ? sv_2mortal (newSVpv (THIS->rs [index], 0)) : &PL_sv_undef);
if (newval)
{
const char *
rxvt_term::x_resource (const char *name)
- CLEANUP:
- SvTAINTED_on (ST (0));
bool
rxvt_term::option (U32 optval, int set = -1)
{
if (GIMME_V != G_VOID)
XPUSHs (THIS->selection.text
- ? taint (sv_2mortal (wcs2sv (THIS->selection.text, THIS->selection.len)))
+ ? sv_2mortal (wcs2sv (THIS->selection.text, THIS->selection.len))
: &PL_sv_undef);
if (newtext)
Messages have a size limit of 1023 bytes currently.
-=item $is_safe = urxvt::safe
-
-Returns true when it is safe to do potentially unsafe things, such as
-evaluating perl code specified by the user. This is true when urxvt was
-started setuid or setgid.
-
=item $time = urxvt::NOW
Returns the "current time" (as per the event loop).
open my $fh, "<:raw", $path
or die "$path: $!";
- my $source = untaint
+ my $source =
"package $pkg; use strict; use utf8;\n"
. "use base urxvt::term::extension::;\n"
. "#line 1 \"$path\"\n{\n"