po5
commented
1 year ago Disabling history would be the last of my concerns, security concerns are about feeding filenames/urls to the shell which may break out of our escaping.
I want to avoid any escaping because it's a very error prone solution, and instead write to an m3u file and loadfile that.
christoph-heinrich
Due to your security concerns expressed in https://github.com/po5/thumbfast/pull/36#issuecomment-1264854896 I've looked into disabling history for the shells.
cmdnever writes history to disk, so it should be fine as is (also haven't found any parameters for activating/deactivating it).shshouldn't write a history file, unless it's started in interactive mode, but adding-o nologjust to make sure. Bash however currently ignores that, so addingHISTSIZE=0as well.You also mentioned that loadfile didn't work reliably for you. I suspect that has something to do with commands not being escaped. Escaping seems like a good idea in general.
The sub process always closes for me when switching files, even when no
quitcommand gets sent. Do you know why?