No protection against paste of dangerous commands [$50]

Bug #1416887 reported by Ikey Doherty
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Terminal
Fix Released
Wishlist
Akshay Shekher

Bug Description

Sadly we now live in a world of blogs giving users privileged commands to copy paste blindly into their terminals..

They're usually sudo prefixed, and often the paste includes the newline character.. Resulting in immediate execution.

To avoid mishaps, it would be nice if pantheon-terminal was to intercept copy pastes of privileged commands,
by checking the prefix for privilege escalation, and the EUID of the current pty.

A warning or a "sure you want to do this?" could be nice, with perhaps a toggle behaviour.

Tags: bounty
Revision history for this message
Danielle Foré (danrabbit) wrote :
Changed in pantheon-terminal:
importance: Undecided → Wishlist
status: New → Confirmed
summary: - No protection against paste of dangerous commands
+ No protection against paste of dangerous commands [$50]
tags: added: bounty
Revision history for this message
Danielle Foré (danrabbit) wrote :

This is a patch from Ikey that adds basic detection of pasted commands that contain sudo and a newline char

Changed in pantheon-terminal:
milestone: none → freya-rc1
status: Confirmed → Fix Committed
Cody Garver (codygarver)
Changed in pantheon-terminal:
milestone: freya-rc1 → 0.3.1
status: Fix Committed → Fix Released
Changed in pantheon-terminal:
assignee: nobody → Akshay Shekher (voldyman)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.