If you run a root shell or a shell on a remote server inside Guake, any other program can run anything there. For security reasons, --execute-command should be allowed only if the shell in the selected tab is not running any other programs, like ssh or sudo.
This would break guake-indicator, but if they decide to fix this I can figure out something.
Indeed, this is a security break: you can execute almost anything. I'll think about a way to ensure to execute only if it is the same user.
@Stibbons IMHO you should check not just if it's the same user, but if the shell is not running any program in the foreground. For example, if the fdisk program is running inside the shell, typing some symbols can lead to really unexpected results. innotop connected to a production database is also not a good place to carelessly type something :)
The safest option is to check if pgrep -P <shell_pid> is empty, and the shell has no child processes. But this prevents us from running a command in shells with background tasks. To allow a command inside a shell with background tasks, we should check if either pgrep -P <shell_pid> is empty or all those processes are in stopped (T) state.
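The check proposed in the comment above, as an added example that is not part of the thread or of Guake's code: it reads /proc/<pid>/stat directly instead of calling pgrep, and allows a command only when the shell has no children or every child is in the stopped (T) state. The function names and the SAMPLE lines are hypothetical and constructed for illustration.

```python
import glob

def parse_stat(line):
    """Parse one /proc/<pid>/stat line into (pid, comm, state, ppid)."""
    # comm may itself contain spaces or ')', so split on the LAST ')'.
    head, _, tail = line.rpartition(")")
    pid_str, _, comm = head.partition(" (")
    fields = tail.split()
    return int(pid_str), comm, fields[0], int(fields[1])

def read_proc_stats():
    """Read every /proc/<pid>/stat (Linux only)."""
    lines = []
    for path in glob.glob("/proc/[0-9]*/stat"):
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                lines.append(fh.read())
        except OSError:
            continue  # process exited while we were scanning
    return lines

def blocking_children(shell_pid, stat_lines):
    """Children of shell_pid that are NOT in the stopped (T) state."""
    blockers = []
    for line in stat_lines:
        pid, comm, state, ppid = parse_stat(line)
        if ppid == shell_pid and state != "T":
            blockers.append((pid, comm, state))
    return blockers

def may_execute(shell_pid, stat_lines=None):
    """True if the shell has no children, or all of them are stopped."""
    if stat_lines is None:
        stat_lines = read_proc_stats()
    return not blocking_children(shell_pid, stat_lines)

# Constructed sample: three shells under a terminal with pid 4000.
SAMPLE = [
    "4100 (bash) S 4000 4100 4100 34816 4200",
    "4200 (ssh) S 4100 4200 4100 34816 4200",       # ssh running in shell 4100
    "5100 (bash) S 4000 5100 5100 34817 5100",
    "5200 (vim) T 5100 5200 5100 34817 5100",       # suspended with Ctrl-Z
    "5300 (my (odd) job) T 5100 5300 5100 34817 5100",
    "6100 (bash) S 4000 6100 6100 34818 6100",      # idle shell, no children
]

if __name__ == "__main__":
    for shell in (4100, 5100, 6100):
        print(shell, may_execute(shell, SAMPLE), blocking_children(shell, SAMPLE))
```

The check and the later command injection are not atomic, so a program started in the tab between the two is not covered by it.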
If you want this feature, please vote on FeatHub.
@Stibbons it's not a feature, it's a security fix. Anyway, pointed it on FeatHub: https://feathub.com/Guake/guake/+1
I agree, but I do not think I'll have time to fix it for 3.0.0.
What about adding an option to disable the execute command feature altogether for people not using/needing it?
That is an option indeed.
@pdecat +1, and it should be disabled by default. Why leave a potential problem for users who don't need this feature at all?