add config option to expose security sensitive dbus api

default is off

I think the defaults should be safe. For people who need
it for scripting, which is surely a small fraction
of the users, one click will turn it on.

(or one patched config file)
Christoph Cullmann
2025-09-21 23:07:47 +02:00
parent 4522bfae90
commit 613f776216
6 changed files with 156 additions and 143 deletions


@@ -22,10 +22,6 @@ if(BUILD_TESTING)
add_subdirectory(tests)
endif()
### Security concerns about sendText and runCommand dbus methods being public
option(REMOVE_SENDTEXT_RUNCOMMAND_DBUS_METHODS "Konsole: remove sendText and runCommand dbus methods" OFF)
### Security concerns about reading arbitrary screen positions
option(ENABLE_DECRQCRA "Konsole: enable DEC request checksum rectangular area" OFF)


@@ -7,9 +7,6 @@
#cmakedefine01 HAVE_DBUS
/* If defined, remove public access to dbus sendInput/runCommand */
#cmakedefine01 REMOVE_SENDTEXT_RUNCOMMAND_DBUS_METHODS
/* If defined, can checksum rectangular areas of the screen */
#cmakedefine01 ENABLE_DECRQCRA


@@ -54,6 +54,7 @@
#include <sessionadaptor.h>
#endif
#include "KonsoleSettings.h"
#include "Pty.h"
#include "SSHProcessInfo.h"
#include "SessionController.h"
@@ -85,8 +86,6 @@
using namespace Konsole;
static bool show_disallow_certain_dbus_methods_message = true;
static const int ZMODEM_BUFFER_SIZE = 1048576; // 1 Mb
// compute a securely random cookie used for activationToken
@@ -1054,29 +1053,19 @@ void Session::sendTextToTerminal(const QString &text, const QChar &eol) const
// Only D-Bus calls this function (via SendText or runCommand)
void Session::sendText(const QString &text) const
{
if (isReadOnly()) {
// avoid that we expose this if not wanted by the user
if (isCalledViaDbusAndForbidden() || isReadOnly()) {
return;
}
#if !REMOVE_SENDTEXT_RUNCOMMAND_DBUS_METHODS
if (show_disallow_certain_dbus_methods_message) {
KNotification::event(KNotification::Warning,
QStringLiteral("Konsole D-Bus Warning"),
i18n("The D-Bus methods sendText/runCommand were just used. There are security concerns about allowing these methods to be "
"public. If desired, these methods can be changed to internal use only by re-compiling Konsole. <p>This warning will only "
"show once for this Konsole instance.</p>"));
show_disallow_certain_dbus_methods_message = false;
}
#endif
_emulation->sendText(text);
}
// Only D-Bus calls this function
void Session::runCommand(const QString &command) const
{
if (isReadOnly()) {
// avoid that we expose this if not wanted by the user
if (isCalledViaDbusAndForbidden() || isReadOnly()) {
return;
}
@@ -1085,7 +1074,8 @@ void Session::runCommand(const QString &command) const
void Session::sendMouseEvent(int buttons, int column, int line, int eventType)
{
if (isReadOnly()) {
// avoid that we expose this if not wanted by the user
if (isCalledViaDbusAndForbidden() || isReadOnly()) {
return;
}
@@ -1156,7 +1146,8 @@ QStringList Session::environment() const
void Session::setEnvironment(const QStringList &environment)
{
if (isReadOnly()) {
// avoid that we expose this if not wanted by the user
if (isCalledViaDbusAndForbidden() || isReadOnly()) {
return;
}
@@ -2258,4 +2249,24 @@ QString Session::activationToken(const QString &cookieForRequest) const
return {};
}
bool Session::isCalledViaDbusAndForbidden() const
{
#if HAVE_DBUS
// we can check if this is called via dbus and then consult the config
if (calledFromDBus() && !Konsole::KonsoleSettings::enableSecuritySensitiveDBusAPI()) {
// trigger error reply
setDelayedReply(true);
auto reply = message().createErrorReply(QDBusError::AccessDenied, i18n("Security sensitive DBus API is disabled in the settings."));
QDBusConnection::sessionBus().send(reply);
// forbid call
return true;
}
return false;
#else
// no dbus, just allow it
return false;
#endif
}
#include "moc_Session.cpp"
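Review bot: In isCalledViaDbusAndForbidden() the AccessDenied reply goes out through `QDBusConnection::sessionBus().send(reply)`, which assumes the call arrived on the session bus; a caller reaching the object over any other connection would not get the error back. QDBusContext, whose calledFromDBus() and message() the helper already uses, provides this as one call tied to the originating connection: `sendErrorReply(QDBusError::AccessDenied, i18n("Security sensitive DBus API is disabled in the settings."));` can replace the setDelayedReply/createErrorReply/send lines. A refused call also leaves no trace on the Konsole side, so a warning log line naming the refused method would help a user notice unexpected callers. The bodies of runCommand, sendMouseEvent and setEnvironment continue outside their hunks.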


@@ -569,20 +569,15 @@ public Q_SLOTS:
*/
void sendTextToTerminal(const QString &text, const QChar &eol = QChar()) const;
#if REMOVE_SENDTEXT_RUNCOMMAND_DBUS_METHODS
void sendText(const QString &text) const;
#else
/**
* Sends @p text to the current foreground terminal program.
*/
Q_SCRIPTABLE void sendText(const QString &text) const;
#endif
/**
* Sends @p command to the current foreground terminal program.
*/
#if REMOVE_SENDTEXT_RUNCOMMAND_DBUS_METHODS
void runCommand(const QString &command) const;
#else
Q_SCRIPTABLE void runCommand(const QString &command) const;
#endif
/**
* Sends a mouse event of type @p eventType emitted by button
@@ -894,6 +889,8 @@ private Q_SLOTS:
void sessionAttributeRequest(int id, uint terminator);
private:
bool isCalledViaDbusAndForbidden() const;
Q_DISABLE_COPY(Session)
void updateTerminalSize();
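Review bot: With the `#if REMOVE_SENDTEXT_RUNCOMMAND_DBUS_METHODS` branches apparently dropped here, sendText and runCommand look to be always declared Q_SCRIPTABLE, so a build can no longer take them off the bus interface; the only control left is the runtime setting, which lives in the user's own configuration. If that is intended, the Doxygen comments on both slots should say so, for example `Refused with AccessDenied when called over D-Bus unless EnableSecuritySensitiveDBusAPI is set.` The new private `isCalledViaDbusAndForbidden()` has no comment, while the public slots above carry Doxygen blocks; `/** Returns true, after sending an AccessDenied reply, when the current call came over D-Bus and the security sensitive API is disabled. */` would cover it. The class continues outside both hunks.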


@@ -37,13 +37,56 @@
<property name="spacing">
<number>6</number>
</property>
<item row="7" column="0" alignment="Qt::AlignmentFlag::AlignRight">
<item row="11" column="1">
<widget class="QCheckBox" name="kcfg_SearchReverseSearch">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="toolTip">
<string>Sets whether search should start from the bottom</string>
</property>
<property name="text">
<string>Search backwards</string>
</property>
</widget>
</item>
<item row="6" column="1">
<widget class="QCheckBox" name="kcfg_EnableSecuritySensitiveDBusAPI">
<property name="text">
<string>Enable the security sensitive parts of the DBus API</string>
</property>
</widget>
</item>
<item row="8" column="0" alignment="Qt::AlignmentFlag::AlignRight">
<widget class="QLabel" name="label_2">
<property name="text">
<string comment="@item:intext Search options">Search:</string>
</property>
</widget>
</item>
<item row="9" column="1">
<widget class="QCheckBox" name="kcfg_SearchRegExpression">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Match using regular expressions</string>
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QCheckBox" name="kcfg_RemoveWindowTitleBarAndFrame">
<property name="text">
<string>Remove window titlebar and frame</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QCheckBox" name="kcfg_AllowMenuAccelerators">
<property name="sizePolicy">
@@ -57,6 +100,22 @@
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QCheckBox" name="kcfg_UseSingleInstance">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="toolTip">
<string>When launching Konsole re-use existing process if possible</string>
</property>
<property name="text">
<string>Run all Konsole windows in a single process</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QCheckBox" name="kcfg_RememberWindowSize">
<property name="sizePolicy">
@@ -73,6 +132,29 @@
</property>
</widget>
</item>
<item row="14" column="0" alignment="Qt::AlignmentFlag::AlignRight">
<widget class="QLabel" name="label_3">
<property name="text">
<string>Notifications:</string>
</property>
</widget>
</item>
<item row="12" column="1">
<widget class="QCheckBox" name="kcfg_SearchNoWrap">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="toolTip">
<string>Sets whether search should stop instead of wrapping</string>
</property>
<property name="text">
<string>No wrap</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QCheckBox" name="kcfg_ShowWindowTitleOnTitleBar">
<property name="sizePolicy">
@@ -94,64 +176,6 @@
</widget>
</item>
<item row="8" column="1">
<widget class="QCheckBox" name="kcfg_SearchRegExpression">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Match using regular expressions</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QCheckBox" name="kcfg_UseSingleInstance">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="toolTip">
<string>When launching Konsole re-use existing process if possible</string>
</property>
<property name="text">
<string>Run all Konsole windows in a single process</string>
</property>
</widget>
</item>
<item row="9" column="1">
<widget class="QCheckBox" name="kcfg_SearchHighlightMatches">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Highlight all matches</string>
</property>
</widget>
</item>
<item row="6" column="1">
<spacer>
<property name="orientation">
<enum>Qt::Orientation::Vertical</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Policy::Fixed</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>16</height>
</size>
</property>
</spacer>
</item>
<item row="7" column="1">
<widget class="QCheckBox" name="kcfg_SearchCaseSensitive">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
@@ -167,29 +191,6 @@
</property>
</widget>
</item>
<item row="4" column="1">
<widget class="QCheckBox" name="kcfg_RemoveWindowTitleBarAndFrame">
<property name="text">
<string>Remove window titlebar and frame</string>
</property>
</widget>
</item>
<item row="12" column="1">
<spacer>
<property name="orientation">
<enum>Qt::Orientation::Vertical</enum>
</property>
<property name="sizeType">
<enum>QSizePolicy::Policy::Fixed</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>16</height>
</size>
</property>
</spacer>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label">
<property name="text">
@@ -200,14 +201,20 @@
</property>
</widget>
</item>
<item row="13" column="0" alignment="Qt::AlignmentFlag::AlignRight">
<widget class="QLabel" name="label_3">
<item row="10" column="1">
<widget class="QCheckBox" name="kcfg_SearchHighlightMatches">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="text">
<string>Notifications:</string>
<string>Highlight all matches</string>
</property>
</widget>
</item>
<item row="13" column="1">
<item row="14" column="1">
<layout class="QHBoxLayout" stretch="0,1">
<property name="spacing">
<number>0</number>
@@ -243,37 +250,37 @@
</item>
</layout>
</item>
<item row="10" column="1">
<widget class="QCheckBox" name="kcfg_SearchReverseSearch">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
<item row="13" column="1">
<spacer>
<property name="orientation">
<enum>Qt::Orientation::Vertical</enum>
</property>
<property name="toolTip">
<string>Sets whether search should start from the bottom</string>
<property name="sizeType">
<enum>QSizePolicy::Policy::Fixed</enum>
</property>
<property name="text">
<string>Search backwards</string>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>16</height>
</size>
</property>
</widget>
</spacer>
</item>
<item row="11" column="1">
<widget class="QCheckBox" name="kcfg_SearchNoWrap">
<property name="sizePolicy">
<sizepolicy hsizetype="Preferred" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
<item row="7" column="1">
<spacer>
<property name="orientation">
<enum>Qt::Orientation::Vertical</enum>
</property>
<property name="toolTip">
<string>Sets whether search should stop instead of wrapping</string>
<property name="sizeType">
<enum>QSizePolicy::Policy::Fixed</enum>
</property>
<property name="text">
<string>No wrap</string>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>16</height>
</size>
</property>
</widget>
</spacer>
</item>
</layout>
</item>


@@ -33,6 +33,11 @@
<tooltip>When launching Konsole re-use existing process if possible</tooltip>
<default>false</default>
</entry>
<entry name="EnableSecuritySensitiveDBusAPI" type="Bool">
<label>Enable the security sensitive parts of the DBus API</label>
<tooltip>DBus API like runCommand will be enabled</tooltip>
<default>false</default>
</entry>
</group>
<group name="ThumbnailsSettings">
<entry name="EnableThumbnails" type="Bool">
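Review bot: The tooltip on the new EnableSecuritySensitiveDBusAPI entry, `DBus API like runCommand will be enabled`, does not tell the user which calls the switch opens up or why it is off by default. On this page the gate is applied to sendText, runCommand, sendMouseEvent and setEnvironment, so something like `<tooltip>Lets other programs on the session bus send text, commands, mouse events and environment changes to Konsole sessions (sendText, runCommand, sendMouseEvent, setEnvironment)</tooltip>` would state the trade-off at the point where the choice is made. The `<group>` this entry belongs to opens outside the hunk.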