[Android] Support args for running commands
Changes PlannedPublic

Authored by nicolasfella on Oct 1 2018, 3:35 PM.

Details

Reviewers
None
Group Reviewers
KDE Connect
Summary

Extend commandentry to hold the number of args. When launching the command a dialog is shown with a text input for each command. The list of args is then sent in the packet

Diff Detail

Repository
R225 KDE Connect - Android application
Branch
commandargs
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 3401
Build 3419: arc lint + arc unit
nicolasfella created this revision.Oct 1 2018, 3:35 PM
Restricted Application added a project: KDE Connect. · View Herald TranscriptOct 1 2018, 3:35 PM
Restricted Application added a subscriber: kdeconnect. · View Herald Transcript
nicolasfella requested review of this revision.Oct 1 2018, 3:35 PM
nicolasfella retitled this revision from Support args for running commands to {Android} Support args for running commands.Oct 1 2018, 3:38 PM
nicolasfella retitled this revision from {Android} Support args for running commands to [Android] Support args for running commands.
apol added a subscriber: apol.Oct 1 2018, 5:19 PM

What's the use-case?

In D15883#334966, @apol wrote:

What's the use-case?

It's useful when you have commands that you run often, but with varying parameters. Like "sudo pacman -S $packet". I don't know why you would want to install packets from the phone, but there are other commands where this will be more useful

sredman added a subscriber: sredman.Oct 2 2018, 4:24 PM
In D15883#334966, @apol wrote:

What's the use-case?

It's useful when you have commands that you run often, but with varying parameters. Like "sudo pacman -S $packet". I don't know why you would want to install packets from the phone, but there are other commands where this will be more useful

There is a problem with injection-type attacks

For instance, I have created the command: "touch %1" (just to test)

I can run the command with the argument "/tmp/test" and I see the file /tmp/test -- Good!

I can then run the command with the argument "/tmp/test2; rm /tmp/test". I see the file /tmp/test2, but /tmp/test has been deleted -- Not good!

In case the point isn't clear, this allows arbitrary command execution from a compromised handset by sticking whatever you want into a command argument. Of course, any checking should be on the desktop side.

nicolasfella planned changes to this revision.Oct 3 2018, 1:19 PM