kitty +open: Ask for permission before executing script files that are not marked as executable

This prevents accidental execution of script files via MIME type
association from programs that unconditionally "open"
attachments/downloaded files via MIME type associations.
This commit is contained in:
Kovid Goyal
2023-05-07 08:11:39 +05:30
parent 79c19562b5
commit 537cabca71
6 changed files with 64 additions and 3 deletions

View File

@@ -94,6 +94,7 @@ def edit(args: List[str]) -> None:
def shebang(args: List[str]) -> None:
from kitty.constants import kitten_exe
script_path = args[1]
cmd = args[2:]
if cmd == ['__ext__']:
@@ -111,7 +112,7 @@ def shebang(args: List[str]) -> None:
cmd = line.split(' ')
else:
cmd = line.split(' ', maxsplit=1)
os.execvp(cmd[0], cmd + [script_path])
os.execvp(kitten_exe(), ['kitten', '__confirm_and_run_shebang__'] + cmd + [script_path])
def run_kitten(args: List[str]) -> None: