[Bug] Shell commands in cmd-button are run by root/privileged user
#426
Comments
|
|
|
fyi this does not work |
I understood it as running shell commands per se is not dangerous, but rather it depends on the commands being run.
The problem is that there is no other option in Mac (afaik).
From doc:
Will this work for Mac and Windows? |
Well, running shell commands as root is not dangerious per se either, but I do take your point.
Oh. Well that's not good :)
I believe "other" here refers to "non posix" platforms, so I would assume it works on Mac but not on Windows |
Okay, then I will post here after testing. Btw, if KMonad is run as |
|
On Wed, Nov 17 2021 09:16, Muhammed Zakir wrote:
Btw, if KMonad is run as `root`, how can we get the userID of "current
user"?
I was hoping you could tell me ^^'
|
|
Lol |
|
Hey would it be possible to pass the userid to kmonad with a flag when initiating kmonad? |
|
could one of these be the answer according to second link this might work: id -u $USERand according to the first link there is a variable $LOGNAME that might work also if there are multiple users on a system. |
It's possible, but I don't want to add that unless it's the only way or if there is a particular reason for it. @molleweide: What is the output of |
|
are you sure it should be small letters? |
|
it returns |
|
this returns T34 (cmd-button "echo xxx=$(id -u $USER)") |
|
In Linux,
|
|
I'll report back when i come home! |
|
|
|
In Mac, @slotThe: I hardcoded my userID in Edit: You'll also have to run KMonad with sudo in Linux. Otherwise I am getting this error when executing command This means we can't run KMonad without sudo if you want to use shell commands. :-( |
|
It looks like the simplest (and reliable) solution is to wrap the shell command in There is probably a better way, but I don't know. |
lol do you think this would be possible to do also in a bash function. |
|
I hardcoded the userID there for testing only. @molleweide: I told you to wait in the thread about Yabai. But this is more complicated than I thought and may take some time before fixing. In the meantime, you can use |
|
Allright cool! Just tell me if there is anything you want me to test for you and I'll try to help. EDIT I confirm that |
Well that's not good :/ I don't think forcing sudo for everyone is the right solution; it works fine as-is right now on GNU/Linux systems and it would be a shame if we had to give that up |
|
For wrapping code with minimal work (from KMonad's side), rather the one I posted above, I think heredoc is better. E.g. For the shell command -- Note: We will need to quote the eof-marker(?) to avoid shell interpretation of the content in heredoc. If we are going to do this way, we could also let user decide the shell (and shell's cli args) to which we pass the user's original commands - the one after
Exactly. That's why I don't like that solution. What do you think about wrapping them in heredoc (quoted variant) and executing* that using * by passing shell commands to be executed via STDIN using heredoc. |
|
Hey guys, do you know if it is possible to use variables in My thinking is that until this has been solved, which might take a while, maybe one could add, eg. |
|
I have an additional question / proposal: From what I understand a new shell process is started for each command? Is this correct? Would it be possible to have a single running background shell process that kmonad owns to which one can submit all of This would make sense with layouts that grow in size and that use lots of cmd buttons and also when it comes to functionality like mouse pointer. I don't know if this is a good idea but I add it here in case you have not thought about this. Personally I am kind of moving away from regular OS key bindings to mapping most things to cmd buttons because then I can move stuff away into layers that I won't accidentally trigger but also because of real estate reasons. In the end I would describe the way I use kmonad as a complex vim-style leader tree and I am trying to map all keys to OS cross-compatible cmd-buttons. |
|
Hi guys, I just wanted to check on this issue and see if there has been any progress made lately? |
|
For OpenRC /etc/init.d/kmonad command_user=username |
Notable changes: - Added `around-next-single`, a variant of `around-next` that will release its context on any change, as opposed to only on the release of the 'arounded' button. - Added default compose sequence for Ü - Added a `sticky-key` - Added `--version` (`-V`) flag - Added `+,` for "add a cedilla" - Added `:timeout-button` keyword to `tap-hold-next` and `tap-hold-next-release`, so that they can switch to a button other than the hold button when the timeout expires. - The `multi-tap` key now immediately taps the current key when another key is pressed during tapping. - Fixed compilation error under Mac, having to do with typo in Keycodes. - Fixed issue with empty-names for uinput-sinks. - Ignore SIGCHLD to deal with non-termination bug. --- This should probably be 0.5, but notable issues like [1..6] still preventing me from being comfortable with that. None of these seem completely insurmountable, though, so stay tuned :) [1]: #475 [2]: #704 [3]: #681 [4]: #716 [5]: #516 [6]: #426
Currently, if
kmonadis run usingsudo, shell commands incmd-buttonare run byroot/privileged/admin user. IMHO, this is a serious issue. I always thought shell commands were run as current user.Simple example:
sudo kmonad -ctrue <config>rootwill be printed.FWIW, in Linux, if you configure KMonad to run without
sudo, then this won't happen.The text was updated successfully, but these errors were encountered: