RFC: Universal regex trigger mechanism, especially for secret retrieval

Marc Lehmann schmorp at schmorp.de
Sat Feb 29 20:23:58 CET 2020


On Sat, Feb 29, 2020 at 05:12:59PM +0000, Alexander Huemer <alexander.huemer at xx.vu> wrote:
> What I have on my mind is a kind of trigger mechanism based on regular 
> expressions. If the content of the terminal (bottom-most line, 
> potentially including the prior line) matches a regex, then a defined 
> action is triggered. This might come in handy for a number of use cases.
> What I am thinking about primarily though is retrieval of secrets from 
> the respective store.

Sure, that would be easy with an extension - and detecting tty modes (e.g.
echo) is certainly possible from an extension as well.

> - You have a 'special' urxvt session lingering in a corner somewhere for 
>   the sole purpose of retrieving secrets from pass (or similar 
>   software). Why? to benefit from a potentially warm cache. After all 
>   you have to authenticate against the secrets store. If the credentials 
>   cache for it is warm, then retrieval is low effort.

I'm not sure I understand that, why retrieve secrets in a different
terminal than where you need to use it?

> - It's imaginable that something like that is implemented, but it would 
>   be unduly expensive in terms of cpu load for every character that is 
>   written into the terminal or so.

I can't imagine anything like this is already implemented, but what would
I know.

I don't think it would be unduly expensive - in fact, if you imagine a
strategy where, when tty output is received, a timer is started to check
every second or so, and if nothing changed, would install a handler for
tty output, then, when there is a lot of output, it would only check once
per second, and if there is no output, it could sleep, resulting in very
little cpu usage, and none when idle.

> - Could be done but there is a security concern

Well, of course, this means any program could retrieve your secrets in
a mostly automated fashion, and storing secrets such as passwords in a
clipboard is a relatively big security concern, as they can survive for a
very long time unprotected.

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schmorp at schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\
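
The timer strategy described in the message above, as an added example that is not part of the original message or of rxvt-unicode: a Python simulation on a virtual clock rather than a urxvt Perl extension. The class, function and pattern names are assumptions, the input is constructed, and the action only records the matching line.

```python
import re

class DebouncedTrigger:
    """Output starts a timer; a tick that sees no change stops it again."""

    def __init__(self, pattern, action, interval_ms=1000):
        self.pattern = re.compile(pattern)
        self.action = action              # hypothetical callback; no secret store here
        self.interval_ms = interval_ms
        self.handler_installed = True     # idle state: waiting for tty output
        self.next_tick = None             # None means the timer is not running
        self.bottom_line = ""
        self.changed = False              # screen changed since the last check
        self.checks = 0                   # regex evaluations performed

    def on_output(self, now, bottom_line):
        self.bottom_line, self.changed = bottom_line, True
        if self.handler_installed:        # first output after idle: hand over to timer
            self.handler_installed = False
            self.next_tick = now + self.interval_ms

    def on_tick(self, now):
        if not self.changed:              # quiet for a whole interval: sleep again
            self.handler_installed, self.next_tick = True, None
            return
        self.changed = False
        self.checks += 1
        if self.pattern.search(self.bottom_line):
            self.action(self.bottom_line)
        self.next_tick = now + self.interval_ms


def simulate(trigger, events):
    """Replay constructed (time_ms, bottom_line) events on a virtual clock."""
    queue = sorted(events)
    while queue or trigger.next_tick is not None:
        tick = trigger.next_tick
        if queue and (tick is None or queue[0][0] < tick):
            trigger.on_output(*queue.pop(0))
        else:
            trigger.on_tick(tick)
    return trigger.checks


if __name__ == "__main__":
    fired = []
    # Constructed input: 1000 lines of noise in 3 s, then a prompt-like line.
    noise = [(i * 3, f"line {i}") for i in range(1000)]
    t = DebouncedTrigger(r"[Pp]assword: ?$", fired.append)
    print(simulate(t, noise + [(3000, "Password: ")]), fired)
```

The 1001 output events cost four regex evaluations and the timer stops once the screen is quiet. The action fires for any program that leaves a matching line at the bottom of the screen, which is the security concern raised in the message.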



More information about the rxvt-unicode mailing list