starred/terminal
1
0
Fork 0
mirror of https://github.com/microsoft/terminal.git synced 2026-02-04 05:35:20 +00:00
Code Issues 19.0k Packages Projects Releases 20 Wiki Activity

[PR #11308] Warn before the user runs a new commandline elevated #28493

New Issue
Closed
opened 2026-01-31 09:28:52 +00:00 by claunia · 0 comments
claunia commented 2026-01-31 09:28:52 +00:00
Owner
Copy Link

Original Pull Request: https://github.com/microsoft/terminal/pull/11308

State: closed
Merged: No

targets #11222, followed by #11310

Summary of the Pull Request

As a part of #8455, we identified that we should probably warn before running commandlines, to make sure the user knows what they're about to do. This dialog looks like the following:

image

image

When the user approves a commandline, we'll remember that commandline, so they won't get prompted every time.
If they reject a commandline, then we're just going to close that pane.

References

PR Checklist

Detailed Description of the Pull Request / Additional comments

This PR changes Pane to be able to host any UserControl, not necessarily a TermControl. This of course has bigger repurcussions than just revealed here. It's gonna wildly conflict with some of the other open PRs. I wanted to do this more generically for #997, but alas, nobody got time for that.

This adds a AdminWarningPlaceholder which is a type of UserControl that just holds another UserControl. It looks just like a ContentDialog, but will actually resize as the window resizes.

We won't prompt for certain commandlines:

  • Anything that exists in system32 AND IS FULLY QUALIFIED eg C:\windows\system32\cmd.exe.
    • cmd.exe will prompt, because it's unqualified.
    • C:\windows\system32\cmd.exe /k echo sneaky sneak will also prompt, because it's got other args.
  • %SystemRoot%\System32\cmd.exe won't prompt, because it's smart enoguh to handle env vars
  • %SystemRoot%\System32\wsl.exe -d <distroname> won't prompt, because we trust wsl distros.
  • %SystemRoot%\System32\wsl.exe -d <distroname> bash -c do-malicious-shit.sh WILL prompt

Validation Steps Performed

Opened a bunch of terminals, in random orders, and made sure that the above commandlines would work as expected. My list of running profiles:

    {
        "commandline": "%SystemRoot%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "guid": "{61c54bbd-c2c6-5271-96e7-009a87ff44bf}",
        "hidden": false,
        "name": "Windows PowerShell"
    },
    {
        "commandline": "%SystemRoot%\\System32\\cmd.exe",
        "guid": "{0caa0dad-35be-5f56-a8ff-afceeeaa6101}",
        "hidden": false,
        "name": "Command Prompt"
    },
    {
        "guid": "{574e775e-4f2a-5b96-ac1e-a2962a402336}",
        "hidden": false,
        "name": "PowerShell",
        "source": "Windows.Terminal.PowershellCore"
    },
    {
        "guid": "{c6eaf9f4-32a7-5fdc-b5cf-066e8a4b1e40}",
        "hidden": false,
        "name": "Ubuntu-18.04",
        "source": "Windows.Terminal.Wsl"
    },
    {
        "commandline": "c:\\windows\\system32\\cmd.exe",
        "guid": "{5aea3919-92fa-5990-bb39-2321f316d9b9}",
        "name": "the COOLER cmd",
        "startingDirectory": "%USERPROFILE%"
    },
    {
        "commandline": "c:\\windows\\system32\\cmd.exe /k echo sneaky sneaks",
        "guid": "{4fd85e9a-919a-5033-9118-1b7518b676a7}",
        "name": "the sneaky cmd",
        "startingDirectory": "%USERPROFILE%"
    },
    {
        "background": "#9C1C0C",
        "commandline": "cmd.exe /k echo This profile is always elevated",
        "guid": "{7a7854d2-65bc-57c2-a2c6-70a32a2f600e}",
        "name": "elevated cmd",
        "startingDirectory": "well this is garbage",
        "tabColor": "#9C1C0C"
    },
    {
        "background": "#1C0C9C",
        "commandline": "cmd.exe /k echo This profile is just as elevated as you started with",
        "guid": "{b5c1cbf5-217f-5e0f-b3ee-3c70150ef037}",
        "name": "unelevated cmd",
        "tabColor": "#1C0C9C",
        "useAcrylic": true
    },
**Original Pull Request:** https://github.com/microsoft/terminal/pull/11308 **State:** closed **Merged:** No --- ###### targets #11222, followed by #11310 ## Summary of the Pull Request As a part of #8455, we identified that we should probably warn before running commandlines, to make sure the user knows what they're about to do. This dialog looks like the following: ![image](https://user-images.githubusercontent.com/18356694/134420083-4d6d8200-a4e8-4c51-a7a3-cca48626cfc1.png) ![image](https://user-images.githubusercontent.com/18356694/134420045-f7dde558-e34a-4b35-a78a-0be1a9b50745.png) When the user approves a commandline, we'll remember that commandline, so they won't get prompted every time. If they reject a commandline, then we're just going to close that pane. ## References * This is the vegetables so we can do #632 * #5000 ## PR Checklist * [x] Closes #11096 * [x] I work here * [ ] Tests added/passed * [ ] Requires documentation to be updated - SO very much yes but I'm gonna do it all at the end ## Detailed Description of the Pull Request / Additional comments This PR changes `Pane` to be able to host any `UserControl`, not necessarily a `TermControl`. This of course has bigger repurcussions than just revealed here. It's gonna wildly conflict with some of the other open PRs. I wanted to do this more generically for #997, but alas, nobody got time for that. This adds a `AdminWarningPlaceholder` which is a type of `UserControl` that just holds another `UserControl`. It looks just like a `ContentDialog`, but will actually resize as the window resizes. We _won't_ prompt for certain commandlines: - Anything that exists in system32 AND IS FULLY QUALIFIED eg `C:\windows\system32\cmd.exe`. - `cmd.exe` will prompt, because it's unqualified. - `C:\windows\system32\cmd.exe /k echo sneaky sneak` will also prompt, because it's got other args. - `%SystemRoot%\System32\cmd.exe` won't prompt, because it's smart enoguh to handle env vars - `%SystemRoot%\System32\wsl.exe -d <distroname>` won't prompt, because we trust wsl distros. - `%SystemRoot%\System32\wsl.exe -d <distroname> bash -c do-malicious-shit.sh` WILL prompt ## Validation Steps Performed Opened a bunch of terminals, in random orders, and made sure that the above commandlines would work as expected. My list of running profiles: <details> ```json { "commandline": "%SystemRoot%\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "guid": "{61c54bbd-c2c6-5271-96e7-009a87ff44bf}", "hidden": false, "name": "Windows PowerShell" }, { "commandline": "%SystemRoot%\\System32\\cmd.exe", "guid": "{0caa0dad-35be-5f56-a8ff-afceeeaa6101}", "hidden": false, "name": "Command Prompt" }, { "guid": "{574e775e-4f2a-5b96-ac1e-a2962a402336}", "hidden": false, "name": "PowerShell", "source": "Windows.Terminal.PowershellCore" }, { "guid": "{c6eaf9f4-32a7-5fdc-b5cf-066e8a4b1e40}", "hidden": false, "name": "Ubuntu-18.04", "source": "Windows.Terminal.Wsl" }, { "commandline": "c:\\windows\\system32\\cmd.exe", "guid": "{5aea3919-92fa-5990-bb39-2321f316d9b9}", "name": "the COOLER cmd", "startingDirectory": "%USERPROFILE%" }, { "commandline": "c:\\windows\\system32\\cmd.exe /k echo sneaky sneaks", "guid": "{4fd85e9a-919a-5033-9118-1b7518b676a7}", "name": "the sneaky cmd", "startingDirectory": "%USERPROFILE%" }, { "background": "#9C1C0C", "commandline": "cmd.exe /k echo This profile is always elevated", "guid": "{7a7854d2-65bc-57c2-a2c6-70a32a2f600e}", "name": "elevated cmd", "startingDirectory": "well this is garbage", "tabColor": "#9C1C0C" }, { "background": "#1C0C9C", "commandline": "cmd.exe /k echo This profile is just as elevated as you started with", "guid": "{b5c1cbf5-217f-5e0f-b3ee-3c70150ef037}", "name": "unelevated cmd", "tabColor": "#1C0C9C", "useAcrylic": true }, ``` </details>
claunia added the pull-request label 2026-01-31 09:28:52 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Reserved
A11yCO
A11yMAS
A11ySev1
A11ySev2
A11ySev3
A11yTTValidated
A11yUsable
A11yVoiceAccess
A11yWCAG
Area-Accessibility
Area-AtlasEngine
Area-AzureShell
Area-Build
Area-Build
Area-Chat
Area-CmdPal
Area-CodeHealth
Area-Commandline
Area-CookedRead
Area-DefApp
Area-Extensibility
Area-Fonts
Area-GroupPolicy
Area-i18n
Area-Input
Area-Interaction
Area-Interop
Area-Localization
Area-Output
Area-Performance
Area-Portable
Area-Quality
Area-Remoting
Area-Rendering
Area-Schema
Area-Server
Area-Settings
Area-SettingsUI
Area-ShellExtension
Area-ShellExtension
Area-ShellExtension
Area-Suggestions
Area-Suggestions
Area-TerminalConnection
Area-TerminalControl
Area-Theming
Area-UserInterface
Area-VT
Area-Windowing
Area-WPFControl
AutoMerge
Blocking-Ingestion
Culprit-Centennial
Culprit-WinUI
Disability-All
Disability-Blind
Disability-LowVision
Disability-Mobility
External-Blocked-WinUI3
Fixed
Gathering-Data
good first issue
HCL-E+D
HCL-WindowsTerminal
Help Wanted
Impact-Compatibility
Impact-Compliance
Impact-Correctness
Impact-Visual
In-PR
InclusionBacklog
InclusionBacklog-Windows TerminalWin32
InclusionCommitted-202206
Issue-Bug
Issue-Docs
Issue-Feature
Issue-Feature
Issue-Question
Issue-Samples
Issue-Scenario
Issue-Task
Needs-Attention
Needs-Author-Feedback
Needs-Bisect
Needs-Discussion
Needs-Repro
Needs-Tag-Fix
Needs-Tag-Fix
Needs-Triage
No-Recent-Activity
Priority-0
Priority-1
Priority-2
Priority-3
Product-Cmd.exe
Product-Colortool
Product-Colortool
Product-Colortool
Product-Conhost
Product-Conpty
Product-Meta
Product-Powershell
Product-Terminal
Product-WSL
pull-request
Mirrored from GitHub Pull Request
 Resolution-Answered
Resolution-By-Design
Resolution-Duplicate
Resolution-External
Resolution-Fix-Available
Resolution-Fix-Committed
Resolution-No-Repro
Resolution-Won't-Fix
Severity-Blocking
Severity-Crash
Severity-DataLoss
spam
this-will-be-a-breaking-change
Tracking-External
WindowsTerminal_Win32
Work-Item
zAskModeBug
zInbox-Bug
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claunia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/terminal#28493
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?