RFC: Universal regex trigger mechanism, especially for secret retrieval
Marc Lehmann
schmorp at schmorp.de
Sat Feb 29 20:23:58 CET 2020
On Sat, Feb 29, 2020 at 05:12:59PM +0000, Alexander Huemer <alexander.huemer at xx.vu> wrote:
> What I have on my mind is a kind of trigger mechanism based on regular
> expressions. If the content of the terminal (bottom-most line,
> potentially including the prior line) matches a regex, then a defined
> action is triggered. This might come in handy for a number of use cases.
> What I am thinking about primarily though is retrieval of secrets from
> the respective store.
Sure, that would be easy with an extension - and detecting tty modes (e.g.
echo) is certainly possible from an extension as well.
> - You have a 'special' urxvt session lingering in a corner somewhere for
> the sole purpose of retrieving secrets from pass (or similar
> software). Why? To benefit from a potentially warm cache. After all
> you have to authenticate against the secrets store. If the credentials
> cache for it is warm, then retrieval is low effort.
I'm not sure I understand that, why retrieve secrets in a different
terminal than where you need to use it?
> - It's imaginable that something like that is implemented, but it would
> be unduly expensive in terms of cpu load for every character that is
> written into the terminal or so.
I can't imagine anything like this is already implemented, but what would
I know.
I don't think it would be unduly expensive - in fact, if you imagine a
strategy where, when tty output is received, a timer is started to check
every second or so, and if nothing changed, would install a handler for
tty output, then, when there is a lot of output, it would only check once
per second, and if there is no output, it could sleep, resulting in very
little cpu usage, and none when idle.
> - Could be done but there is a security concern
Well, of course, this means any program could retrieve your secrets in
a mostly automated fashion, and storing secrets such as passwords in a
clipboard is a relatively big security concern, as they can survive for a
very long time unprotected.
--
The choice of a Deliantra, the free code+content MORPG
-----==- _GNU_ http://www.deliantra.net
----==-- _ generation
---==---(_)__ __ ____ __ Marc Lehmann
--==---/ / _ \/ // /\ \/ / schmorp at schmorp.de
-=====/_/_//_/\_,_/ /_/\_\
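
Added example, not part of the original message and not urxvt code: a Python simulation of the timer strategy described in the reply, counting how often the regex actually runs during an output burst. Terminal, Trigger and simulate are hypothetical names, "nothing changed" is modelled as an unchanged bottom line, and times are in milliseconds.

```python
import re

class Terminal:
    """Constructed stand-in for the terminal: a bottom line plus an optional output hook."""
    def __init__(self):
        self.bottom = ""
        self.hook = None
        self.hook_calls = 0

    def write(self, now_ms, line):
        self.bottom = line
        if self.hook:                     # only runs while the trigger is idle
            self.hook_calls += 1
            self.hook(now_ms)

class Trigger:
    def __init__(self, term, pattern, interval_ms=1000):
        self.term, self.regex, self.interval = term, re.compile(pattern), interval_ms
        self.seen = term.bottom           # bottom line at the last check
        self.next_check = None            # None means no timer is running
        self.checks, self.matches = 0, []
        term.hook = self.on_output

    def on_output(self, now_ms):
        self.term.hook = None             # stop per-write callbacks during the burst
        self.next_check = now_ms + self.interval

    def run_timers(self, now_ms):
        while self.next_check is not None and self.next_check <= now_ms:
            t = self.next_check
            if self.term.bottom == self.seen:      # nothing changed: go idle again
                self.next_check, self.term.hook = None, self.on_output
                continue
            self.seen = self.term.bottom
            self.checks += 1
            if self.regex.search(self.seen):
                # A match only says the text looks like a prompt, not which program printed it.
                self.matches.append((t, self.seen))
            self.next_check = t + self.interval

def simulate(events, pattern=r"[Pp]assword: ?$"):
    term = Terminal()
    trig = Trigger(term, pattern)
    for now_ms, line in events:
        trig.run_timers(now_ms)
        term.write(now_ms, line)
    if events:
        trig.run_timers(events[-1][0] + 10_000)    # let the terminal go quiet
    return trig, term

# Constructed input: 1000 lines of output in 3 s, then a password prompt.
BURST = [(i * 3, f"build output line {i}") for i in range(1000)] + [(3000, "Password: ")]
```

With this input the regex runs 4 times for 1001 writes, and the prompt is noticed up to one interval after it appears.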