Bug 318524 - Secure, Flexible and Reviewable way for pasting commands into the terminal
Summary: Secure, Flexible and Reviewable way for pasting commands into the terminal
Status: RESOLVED DUPLICATE of bug 89299
Alias: None
Product: konsole
Classification: Applications
Component: copy-paste (show other bugs)
Version: unspecified
Platform: Debian testing Linux
: NOR wishlist
Target Milestone: ---
Assignee: Konsole Developer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-17 20:32 UTC by Dimitri Nüscheler
Modified: 2013-08-18 17:58 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dimitri Nüscheler 2013-04-17 20:32:58 UTC
It should be possible to configure konsole in a way so it works well together with online tutorials guiding the user with example commands.

I suggest that konsole allows a way of pasting where line by is inserted into the shell rather than executing as LF is scanned.

Recommended behaviour:

As the user uses "Paste", the clipboard is appended to an initially empty konsole-session owned buffer asserting that the last character is LF (append if none there). If the buffer was empty:
Scan the buffer till the first LF, send that part to shell (LF excluded) and delete from buffer (LF included). This step is called dequeue.

As the user sends Enter/Return to shell and the buffer is not empty: dequeue - this should execute the first line and at the same time have the next line sent to shell, but without the LF so it won't execute immediately.

On user request the buffer is cleared.

This improves security, because the user is able to review a command he copied from an online tutorial which (if malicious) might contain commands which were not visible as it was copied. (Secure)

If the command contains parts which should be modified to user needs, the user is now able to. (Flexible)

After execution of a command, the user is able to review its execution and to decide whether to proceed. (Reviewable)


Please either add as alternate way of pasting or make copy+paste configurable. If experience shows that this way of pasting makes more sense for most use-cases than the todays way, please consider making it the default.

Reproducible: Always

Actual Results:  
The default behaviour today is to send the whole clipboard to shell directly.
Comment 1 Dimitri Nüscheler 2013-04-17 20:34:45 UTC
*line by line
Comment 2 Dimitri Nüscheler 2013-04-17 21:58:54 UTC
My motivation to write this request is this "security alert": http://www.heise.de/security/meldung/Tricks-neu-aufgelegt-Vorsicht-bei-Copy-Paste-1841048.html

However, I don't see this as a security hole in konsole at all, but as a opportunity to have konsole assist in increasing security slightly. After all it's the users fault if the users pastes something random "from the internet" to the shell without checking.
Comment 3 Christoph Feck 2013-06-16 02:11:59 UTC
Is this a duplicate of bug 89299?
Comment 4 Dimitri Nüscheler 2013-08-17 14:50:31 UTC
Yes, the problem is the same. Should I copy my solution proposal to that bug?
Comment 5 Kurt Hindenburg 2013-08-18 17:58:30 UTC
please so

*** This bug has been marked as a duplicate of bug 89299 ***