Shell vs Exec

OliveTin supports two different methods to run commands: shell and exec. The difference between these two is thta "shell" accepts strings, and will wrap that whole command in a shall with "bash -c". Exec uses a syscall directly to execute commands.

  • Shell is more flexible, because it allows you to chain commands (eg, using &&) and redirect or pipe output (eg: ">" or "|").

  • Exec is more secure, because it does not invoke a shell, and thus avoids shell injection attacks.

Shell can be safe and secure with simple argument types (like ascii_identifier), but some argument types like URL can contain basically any character - /, :, ?, &, etc - which can lead to shell injection vulnerabilities while still being a valid URL.

OliveTin will try and prevent you from using dangerous characters in shell commands (eg, URL is no longer permitted with Shell).

The way that you specify these two types of execution is different - shell expects a single string, while exec expects a list of strings (the first being the command, the rest being the arguments).

actions:
  - title: List files
	shell: ls -l /some/directory
actions:
  - title: List files
	exec:
	  - ls
	  - -l
	  - /some/directory

When in doubt, prefer exec over shell for better security. Shell was added in both OliveTin 3k and OliveTin 2k in October 2025.