Look at the “The transmission medium” section. I’m reasonably familiar with what can go wrong when messing with files you shouldn’t mess with on Linux, I’ve worked on the various security mechanisms that can help, and I would not want to implement this. If someone wanted me to consult on implementing this, my advice would be, first and foremost, not to.
There isn’t even a “security considerations” section in the document!
Since your comment is (was) topmost, I want to clarify that while kitty seems to have an overlarge attack surface, Sixel doesn't seem bad at all.
There's an escape code to enter "sixel" mode, then base64-style data representing 1x6 pixel bitmaps, then an escape code to get back out.
No vector graphics that might overdraw unexpectedly (security considerations!), no mechanism for out-of-band data (security considerations!), no unproven compression libraries (security considerations!), but also none of the extra magic that something like kitty would provide.
I could live happily with Sixel being universally supported in my terminal emulators.
FUD as usual. I am so sick of people waving around the security word. If you are scared of dealing with files on Linux, I suggest you throw your computer in the garbage and retire to a mountain fastness with no electricity. If you have a specific criticism of the kitty protocol make it, otherwise spare us the vague FUD.
You connect your terminal to a program (pts, which may map to a sandbox or a remote SSH server you don’t trust or just a file you feed to cat). And it contains an escape sequence that causes your terminal to read and process ~/.ssh/id_rsa or /etc/shadow or /dev/sda or /proc/self/something or some other wildly inappropriate object. And your terminal opens and reads the file.
My terminal does not live in a mountain fastness, and it’s not as exposed as a web browser, but it should at least try to make it safe to feed it untrustworthy input.
Heavens! Your terminal opens and reads a file. What a disaster. Still waiting for a concrete issue with the actual kitty graphics protocol. How is it unsafe to feed a terminal that supports the kitty graphics protocol untrusted input. One single solitary example would go a long way to prove you aren't just full of hot air.
https://sw.kovidgoyal.net/kitty/graphics-protocol/
Look at the “The transmission medium” section. I’m reasonably familiar with what can go wrong when messing with files you shouldn’t mess with on Linux, I’ve worked on the various security mechanisms that can help, and I would not want to implement this. If someone wanted me to consult on implementing this, my advice would be, first and foremost, not to.
There isn’t even a “security considerations” section in the document!