Closed christoph-heinrich closed 1 year ago
Disabling history would be the last of my concerns, security concerns are about feeding filenames/urls to the shell which may break out of our escaping.
I want to avoid any escaping because it's a very error prone solution, and instead write to an m3u file and loadfile that.
Ok so this can be closed then?
Due to your security concerns expressed in https://github.com/po5/thumbfast/pull/36#issuecomment-1264854896 I've looked into disabling history for the shells.
cmd
never writes history to disk, so it should be fine as is (also haven't found any parameters for activating/deactivating it).sh
shouldn't write a history file, unless it's started in interactive mode, but adding-o nolog
just to make sure. Bash however currently ignores that, so addingHISTSIZE=0
as well.You also mentioned that loadfile didn't work reliably for you. I suspect that has something to do with commands not being escaped. Escaping seems like a good idea in general.
The sub process always closes for me when switching files, even when no
quit
command gets sent. Do you know why?