Go Back   The macosxhints Forums > Working with OS X > OS X Developer



Reply
 
Thread Tools Rate Thread Display Modes
Old 08-29-2003, 12:28 AM   #1
popguru
Prospect
 
Join Date: Mar 2003
Location: Brooklyn, NY
Posts: 40
Question Potential Security concern: "do shell script" in Applescript

I recently discovered something slightly disturbing by accident and cannot find any mention of it on the forums: When using the do shell script ... with administrator privileges command in applescript, the administrator password can show up using the ps command in the Terminal. To demonstrate, you can run this command from Script Editor:
Code:
do shell script "sleep 20" with administrator privileges
...and enter your password in the dialog box. Then, before the sleep command exits in 20 seconds, enter this command in the Terminal:
Code:
ps -axww | grep sleep | grep -v grep
You should see something like this:
Code:
18816  ??  S      0:00.01 sh -c echo '********' | sudo -p "" -S sleep 20
18818  ??  S      0:00.87 sleep 20
...where ******** is your password. This information is accessible by any user that can run the ps command. This is probably not a problem if the shell command you're running executes and exits almost immediately, but for any command that needs more that a few seconds to run and exit is a potential security risk. I've confirmed this issue on my Mac OS X 10.2.6 on my G4--I haven't tested it elsewhere. This seems like something that Apple should fix in the implementation of Applescript--there are other ways that they could send the user's password to the shell. I was going to send a message to Apple Tech support, but I thought I'd check here first to see if this is an issue that people already know about. Has anyone else ever noticed or heard of this before? Can anyone check to see if my example works under the Panther beta?

Thanks.
__________________
. . .
popguru is offline   Reply With Quote
Old 08-29-2003, 12:37 AM   #2
stetner
MVP
 
Join Date: Jan 2002
Location: Brisbane, Australia
Posts: 1,108
Yep, that is pretty ugly

I have found mention of it over a year ago here so it does not look like it is new, but I had never heard of it before..... (but the I don't applescript much)
__________________
Douglas G. Stetner
UNIX Live Free Or Die

Last edited by stetner; 08-29-2003 at 12:48 AM.
stetner is offline   Reply With Quote
Old 08-30-2003, 03:34 PM   #3
popguru
Prospect
 
Join Date: Mar 2003
Location: Brooklyn, NY
Posts: 40
Quote:
Originally posted by stetner
I have found mention of it over a year ago here so it does not look like it is new, but I had never heard of it before..... (but the I don't applescript much)

Hmm...I read through that message thread, and it looks like the discussion there is concerned with the security risks of embedding your password inside an applescript (instead of prompting for it with a dialog window) and of modifying the behavior of the sudo command so that you can run a command with admin privileges without a password. These are both relevant security concerns of using the do shell script command, but they're separate from my main concern: that the do shell script ... with administrator privileges pipes the user's password to the command line using echo, which makes the password visible using the ps command. Thanks for the reply, though.

Anyone else have thoughts on this?
__________________
. . .
popguru is offline   Reply With Quote
Old 09-10-2003, 06:48 PM   #4
greggo
Prospect
 
Join Date: Jul 2002
Posts: 14
You can put it in the background to avoid this issue
Code:
do shell script "sleep 20 &" with administrator privileges
Credit JB LE STANG for this solution.
greggo is offline   Reply With Quote
Old 09-10-2003, 08:18 PM   #5
popguru
Prospect
 
Join Date: Mar 2003
Location: Brooklyn, NY
Posts: 40
Cool

Quote:
Originally posted by greggo
You can put it in the background to avoid this issue
Code:
do shell script "sleep 20 &" with administrator privileges
Credit JB LE STANG for this solution.

Thanks, greggo (and JB LE STANG). That had occurred to me before, but I didn't expect that the applescript would receive the output of terminal command you're running, or be able to tell when (or if) the terminal command terminates. Now that I actually test it, it turns out I was wrong: it does work safely and it does wait until the terminal command terminates, and returns the output. Using "&" to run commands in the background seems to be the best workaround at the moment.

After testing this method there is one thing I noticed that you applescripters out there should watch out for. If you're running multiple commands with do shell script, linking your commands together with ";" causes the sudo command (and your password) to be visible with ps again. So doing this:
Code:
do shell script "sleep 10 ; sleep 10 &" with administrator privileges
is bad. However, you can nest multiple commands into one shell statement, like this:
Code:
do shell script "sh -c \"sleep 10 ; sleep 10\" &" with administrator privileges
and the sudo command and password will be hidden (good).

While using the above method seems to be safe, I still think there is is a security flaw here that Apple should fix.
__________________
. . .
popguru is offline   Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump



All times are GMT -5. The time now is 10:43 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Site design © IDG Consumer & SMB; individuals retain copyright of their postings
but consent to the possible use of their material in other areas of IDG Consumer & SMB.