这是indexloc提供的服务,不要输入任何密码
Skip to content

New AddonApp: Termux:URI that sends commands to termux when a termux:command URI is opened #1048

New issue
New issue
Closed
Closed
New AddonApp: Termux:URI that sends commands to termux when a termux:command URI is opened#1048
@ujeropoc

Description

@ujeropoc
ujeropoc
opened on Feb 28, 2019

I propose another Addon-App (similar to termux:boot) that gets invoked by termux:command URIs.
Doing this in a seperate app would outsource all the security issues from the core app, be easy to replace and so on.

Control Flow:

  1. User somehow opens a termux: URI
  2. Termux:URI parses the URI into:
    • Command and args
    • Foreground/Background
    • possibly more (CWD, ENV, ...)
  3. Termux:URI does a security check
  4. Termux:URI sends the command to Termux

URI Encoding

Possibilities of Encoding of command and arguments:

  1. leave as is: termux:command arg1 "arg 2"
    might not be supported by some apps
  2. URL Encode termux:command%20arg1%20%22arg2%22
    looks ugly
  3. base64 Encode everything termux:Y29tbWFuZCBhcmcxICJhcmcgMiI=
    looks dangerous
  4. let the user decide (see 35.)

Possibilities of Encoding of Foreground Background:

  1. if the last char of the command is & its Background
    feels very unix
  2. different URI Scheme: termuxbg background.termux.com background.v1.uri.termux.com
  3. URL Param termux:command?background=1
    would work well with cwd, ...
  4. Configurable outside of URI (see 35.)

Security

My Ideas for security:

  1. Ask the user: "Dou you want to execute command arg1 "arg 2"" [YES] [NO]
  2. Configurable Whitelist, Add Button [YES and don't ask again]
  3. Only commands in .termux/uri/ can be executed.
  4. A whitelist in textform in .termux/uri/whitelist with one line per allowed command
    • do full match ?
    • do prefix match? must clean chars like | ; && could be unsafe with some commands
  5. call one single script, .termux/uri-handler with the complete uri, skipping Step 2 and 3 and let it decide what to do.

Additional features

  • Depending on how complicate Step 2 is, a wizard to generate the termux uri would be neat. either in the App, or in javascript, hosted on the termux website. (producing a qr code)

  • Manage the whitelist

Benefit

start commands in TERMUX from:

  • all kinds of automation Apps
  • QR Codes
  • NFC Tags
  • other shiny new things

If I'm not mistaken, this would (help to) fix these issues:
termux-tasker # 6
#547
#804
#924

And now?

I have no clue about android programming, but I might enjoy playing around with it. I guess starting off of the termux:boot app to get something working, but I would need help making it into proper android app that follows some kind of coding standard etc.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions