kitty +open: Ask for permission before executing script files that are not marked as executable

This prevents accidental execution of script files via MIME type
association from programs that unconditionally "open"
attachments/downloaded files via MIME type associations.

tools/cmd/tool/confirm_and_run_shebang.go

@@ -0,0 +1,48 @@
+// License: GPLv3 Copyright: 2023, Kovid Goyal, <kovid at kovidgoyal.net>
+
+package tool
+
+import (
+	"fmt"
+	"os"
+
+	"golang.org/x/sys/unix"
+
+	"kitty/kittens/ask"
+	"kitty/tools/cli/markup"
+	"kitty/tools/utils"
+)
+
+var _ = fmt.Print
+
+func ask_for_permission(script_path string) (allowed bool, err error) {
+	opts := &ask.Options{Type: "yesno", Default: "n"}
+
+	ctx := markup.New(true)
+	opts.Message = ctx.Prettify(fmt.Sprintf(
+		"Attempting to execute the script: :yellow:`%s`\nExecuting untrusted scripts can be dangerous. Proceed anyway?", script_path))
+	response, err := ask.GetChoices(opts)
+	return response == "y", err
+}
+
+func confirm_and_run_shebang(args []string) (rc int, err error) {
+	script_path := args[len(args)-1]
+	if unix.Access(script_path, unix.X_OK) != nil {
+		allowed, err := ask_for_permission(script_path)
+		if err != nil {
+			return 1, err
+		}
+		if !allowed {
+			return 1, fmt.Errorf("Execution permission refused by user")
+		}
+	}
+	exe := utils.FindExe(args[0])
+	if exe == "" {
+		return 1, fmt.Errorf("Failed to find the script interpreter: %s", args[0])
+	}
+	err = unix.Exec(exe, args, os.Environ())
+	if err != nil {
+		rc = 1
+	}
+	return
+}

tools/cmd/tool/main.go

@@ -67,4 +67,13 @@ func KittyToolEntryPoints(root *cli.Command) {
 			return
 		},
 	})
+	// __confirm_and_run_shebang__
+	root.AddSubCommand(&cli.Command{
+		Name:            "__confirm_and_run_shebang__",
+		Hidden:          true,
+		OnlyArgsAllowed: true,
+		Run: func(cmd *cli.Command, args []string) (rc int, err error) {
+			return confirm_and_run_shebang(args)
+		},
+	})
 }