Bug 318524

Summary: Secure, Flexible and Reviewable way for pasting commands into the terminal
Product: [Applications] konsole Reporter: Dimitri Nüscheler <dimitri.nuescheler>
Component: copy-pasteAssignee: Konsole Developer <konsole-devel>
Status: RESOLVED DUPLICATE    
Severity: wishlist CC: khindenburg
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Debian testing   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Dimitri Nüscheler 2013-04-17 20:32:58 UTC 
It should be possible to configure konsole in a way so it works well together with online tutorials guiding the user with example commands.

I suggest that konsole allows a way of pasting where line by is inserted into the shell rather than executing as LF is scanned.

Recommended behaviour:

As the user uses "Paste", the clipboard is appended to an initially empty konsole-session owned buffer asserting that the last character is LF (append if none there). If the buffer was empty:
Scan the buffer till the first LF, send that part to shell (LF excluded) and delete from buffer (LF included). This step is called dequeue.

As the user sends Enter/Return to shell and the buffer is not empty: dequeue - this should execute the first line and at the same time have the next line sent to shell, but without the LF so it won't execute immediately.

On user request the buffer is cleared.

This improves security, because the user is able to review a command he copied from an online tutorial which (if malicious) might contain commands which were not visible as it was copied. (Secure)

If the command contains parts which should be modified to user needs, the user is now able to. (Flexible)

After execution of a command, the user is able to review its execution and to decide whether to proceed. (Reviewable)


Please either add as alternate way of pasting or make copy+paste configurable. If experience shows that this way of pasting makes more sense for most use-cases than the todays way, please consider making it the default.

Reproducible: Always

Actual Results:  
The default behaviour today is to send the whole clipboard to shell directly.
Comment 1 Dimitri Nüscheler 2013-04-17 20:34:45 UTC 
*line by line
Comment 2 Dimitri Nüscheler 2013-04-17 21:58:54 UTC 
My motivation to write this request is this "security alert": http://www.heise.de/security/meldung/Tricks-neu-aufgelegt-Vorsicht-bei-Copy-Paste-1841048.html

However, I don't see this as a security hole in konsole at all, but as a opportunity to have konsole assist in increasing security slightly. After all it's the users fault if the users pastes something random "from the internet" to the shell without checking.
Comment 3 Christoph Feck 2013-06-16 02:11:59 UTC 
Is this a duplicate of bug 89299?
Comment 4 Dimitri Nüscheler 2013-08-17 14:50:31 UTC 
Yes, the problem is the same. Should I copy my solution proposal to that bug?
Comment 5 Kurt Hindenburg 2013-08-18 17:58:30 UTC 
please so

*** This bug has been marked as a duplicate of bug 89299 ***