Guake/guake

Fix security problem with running programs inside root or remote shell with --execute-command

selivan asked for this feature 11 months ago — 1 comment

selivan commented 11 months ago

issue: https://github.com/Guake/guake/issues/921

If you run inside guake a root shell or a shell on a remote server, any other program can run anything there. Also, if you are running something like fdisk or innotop inside the sell, careless input may lead to a very undesirable results.

For this reasons --execute-command should be allowed only if shell in selected tab is not running any other programs, like ssh or sudo.

We should check if either pgrep -P is empty or all that processes are is stopped (T) state(for background tasks).

Join the discussion!

Sign-in with GitHub to comment