# Context Aware Secure Shell Notes
## Types of interactivity
Define C := {All characters}
Define P := {All programs}

Define interactive key set (IKS) such that IKS: P -> C as
IKS(p) := {c \in C : c has semantic meaning to the user interface of p}

Define non-interactive programs (NIPs) as {p \in P : IKS(p) == \empty}
Define arbitrarily-interactive programs (AIPs) as {p \in P : IKS(p) == C}
Define limited-interactive programs (LIPs) as {p \in P : IKS(p) \subset C}
Define newline-interactive programs (NLIPs) as {p \in P : IKS(p) == {'\n'}}

Majority of programs are NIPs.
Because NIPs do not react to user input, they are not vulnerable to this attack.

By default, stdin is newline buffered.  Therefore a program must request to read
more frequently than newlines are entered.  If a program only reads as frequently
as newlines are entered, no key other than newline can have semantic meaning
because it won't be read independently of the newline.  Thus in order for any key
other than newline to have semantic meaning to the user interface, the program
must make a system call to request it.  Thus, by default, all programs can be
treated as NLIPs.

NIPs can be treated as NLIPs because their IKS is a subset of NLIPs' IKS.  No
additional information is leaked because no input sent has semantic meaning.

strace proves that a program can detect system calls of its child processes.  Thus
SecureShell can detect the system calls of it's child processes.

If a child process of SecureShell wants an IKS that is not a subset of that of
NLIPs, it must make a system call.  SecureShell can detect that system call and
thus recognize programs which are not NLIPs.

If the program is not an NLIP, SecureShell can shift modes to treat it as an AIP
until the process finishes.

Possible: Can I see what keys the program is requesting?

Thus I can limit sending keystrokes to exclusively when the program needs it.