Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
kitty +open: Ask for permission before executing script files that ar…
…e not marked as executable This prevents accidental execution of script files via MIME type association from programs that unconditionally "open" attachments/downloaded files via MIME type associations.
- Loading branch information
1 parent
79c1956
commit 537cabc
Showing
6 changed files
with
64 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
// License: GPLv3 Copyright: 2023, Kovid Goyal, <kovid at kovidgoyal.net> | ||
|
||
package tool | ||
|
||
import ( | ||
"fmt" | ||
"os" | ||
|
||
"golang.org/x/sys/unix" | ||
|
||
"kitty/kittens/ask" | ||
"kitty/tools/cli/markup" | ||
"kitty/tools/utils" | ||
) | ||
|
||
var _ = fmt.Print | ||
|
||
func ask_for_permission(script_path string) (allowed bool, err error) { | ||
opts := &ask.Options{Type: "yesno", Default: "n"} | ||
|
||
ctx := markup.New(true) | ||
opts.Message = ctx.Prettify(fmt.Sprintf( | ||
"Attempting to execute the script: :yellow:`%s`\nExecuting untrusted scripts can be dangerous. Proceed anyway?", script_path)) | ||
response, err := ask.GetChoices(opts) | ||
return response == "y", err | ||
} | ||
|
||
func confirm_and_run_shebang(args []string) (rc int, err error) { | ||
script_path := args[len(args)-1] | ||
if unix.Access(script_path, unix.X_OK) != nil { | ||
allowed, err := ask_for_permission(script_path) | ||
if err != nil { | ||
return 1, err | ||
} | ||
if !allowed { | ||
return 1, fmt.Errorf("Execution permission refused by user") | ||
} | ||
} | ||
exe := utils.FindExe(args[0]) | ||
if exe == "" { | ||
return 1, fmt.Errorf("Failed to find the script interpreter: %s", args[0]) | ||
} | ||
err = unix.Exec(exe, args, os.Environ()) | ||
if err != nil { | ||
rc = 1 | ||
} | ||
return | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters