Open Process Shell

dntknwjck
Posts: 24
Joined: Sat Mar 23, 2019 6:14 pm

Open Process Shell

Post by dntknwjck » Sun Mar 14, 2021 12:16 am

Hi-
Just working on a program to create a password protected archive on a Linux system and have a couple of questions about logs and other traces that might be left on disk or memory of the passwords and files being archived.

At this time I have a bash script that can be executed by either the shell command or open process:
Are there any residuals left by LiveCode or Linux using either of these commands?

Bash script is like:
#!/bin/bash
find '/some dir' -type f -newermt "2020-12-31" | zip -Z bzip2 --password password '/TEST.bzip2' -@

I have looked but not found anything about what may be left from these commands.
I know that executing from the terminal leaves a history in .bash_history which can be taken care of with shred.

Am leaning to using open process in this program.

Thanks for any information you can furnish.
Terry

mwieder
VIP Livecode Opensource Backer
Posts: 3581
Joined: Mon Jan 22, 2007 7:36 am
Location: Berkeley, CA, US

Re: Open Process Shell

Post by mwieder » Tue Mar 16, 2021 4:53 am

I take it this is for a client system and not on your own computer.

Since you're issuing the password in cleartext, does it show up in strace logging?
Other than that I can't think of any side effects other than the history trace.

dntknwjck
Posts: 24
Joined: Sat Mar 23, 2019 6:14 pm

Re: Open Process Shell

Post by dntknwjck » Tue Mar 16, 2021 3:09 pm

mwieder
Thanks for the information.

This is for my own system.
Mostly just creating backup archives, but there are a few files that I want to password protect.
I request the password from the user and then generate the bash script or pass it with the shell command. So at some time the password would be in clear text, unless there is another way to pass the password that I am not aware of. If a bash script then it gets shredded by the program.

From a brief look at strace it looks like it has to be started with the actual command. I will look into this further.
I would guess that whatever I do someone might be able to recover the password.
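
An added example, not part of any post in this thread: besides shell history and strace, a password passed as a command-line argument is readable by other local users through /proc/<pid>/cmdline for as long as the process runs. The sketch below compares that with handing the secret to the child on stdin; the `sh -c` child standing in for the archiver, the helper names and the sample password are all assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example. A small `sh -c` child stands in for the archiver, and SECRET
# is a constructed sample value, not a real password.
SECRET='demo-Passw0rd-123'

# True if string $2 appears in the argument list of PID $1. The file
# /proc/<pid>/cmdline is what ps reads, and other local users can read it too.
cmdline_contains() {
    tr '\0' ' ' 2>/dev/null < "/proc/$1/cmdline" | grep -qF -- "$2"
}

# Inspect PID $1 after it has had time to exec, then stop it.
probe_and_stop() {
    sleep 1
    if cmdline_contains "$1" "$SECRET"; then rc=0; else rc=1; fi
    kill "$1" 2>/dev/null || true
    wait "$1" 2>/dev/null || true
    return "$rc"
}

# Case 1: password as an argument, like `zip --password ...` in the script.
argv_case_leaks() {
    sh -c 'sleep 3; :' archiver --password "$SECRET" >/dev/null 2>&1 &
    probe_and_stop "$!"
}

# Case 2: password written to the child's stdin by the printf builtin,
# so it never becomes part of any process's argument list.
stdin_case_leaks() {
    printf '%s\n' "$SECRET" |
        sh -c 'read -r pw; sleep 3; :' archiver >/dev/null 2>&1 &
    probe_and_stop "$!"
}

if argv_case_leaks; then echo "argv:  password readable in /proc/<pid>/cmdline"; fi
if ! stdin_case_leaks; then echo "stdin: password absent from /proc/<pid>/cmdline"; fi
```

Whether a given archiver can take its password from stdin or an interactive prompt instead of an argument depends on the tool.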

FourthWorld
VIP Livecode Opensource Backer
Posts: 9801
Joined: Sat Apr 08, 2006 7:05 am
Location: Los Angeles

Re: Open Process Shell

Post by FourthWorld » Tue Mar 16, 2021 3:56 pm

dntknwjck wrote:
Tue Mar 16, 2021 3:09 pm
"I would guess that whatever I do someone might be able to recover the password."

If the bad guy is in the room with you running strace on your computer, he also has access to the unencrypted copy of your files.

Besides, you'll likely be too busy fistfighting with this intruder in your home for either of you to be very concerned about your files. ;)

The old mantra "physical access = root" reminds us of the importance of securing a system's physical location. The remedy for that problem isn't in the computer at all, but at the front door to your home.

Once physical access to a system is acquired, there are too many ways to bypass security measures to make it worthwhile spending more time thinking about the system than the physical premises.

If your concern is unauthorized network access, and if your program calls bash internally with the shell function, the call will not be run with strace and the risk seems reasonably mitigated.

Did I miss something?
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems

liveme
Posts: 240
Joined: Thu Aug 27, 2015 5:22 pm
Location: down under

Re: Open Process Shell

Post by liveme » Wed Mar 17, 2021 6:31 pm

Hi Terry,
Yop, good question, maybe some expert at a BZip company could let you know more about that.

Another way around would be to boot away from your disk drive on an OS that only runs in your memory - if that is practical enough.
Rebooting does not take that long - depending on your HW - and you still have access to your "HD" files.

Last, use some Virtual Machine system image : load - run Zip - delete the whole image ..and I guess you would not leave traces.

https://en.wikipedia.org/wiki/List_of_L ... n_from_RAM

As for picking up a strong password, which after all is your real defense:
https://bitwarden.com/password-strength/
Don't use anything below 8...or just go for 16 or more characters, would take centuries to break.
(maybe less if your hacker is the head engineer in charge of a Fugaku super computer...would be fun to see how long it'll take it)
hmmm....go for a 100 char long PW then... ! :mrgreen:
Hope it helps - Terii !

PS: LC allows aes-256 use - as far as I know (ahead of the zipping process likely)..if stronger 512, 10xx is also possible, I'd go for it...with salting always !

mwieder
VIP Livecode Opensource Backer
Posts: 3581
Joined: Mon Jan 22, 2007 7:36 am
Location: Berkeley, CA, US

Re: Open Process Shell

Post by mwieder » Thu Mar 18, 2021 1:41 am

Yeah, I only brought up strace in the event you were packaging up a standalone app to run on client systems, in which case the trace log might reveal the embedded password. Since this is for your own system that shouldn't be an issue.

liveme
Posts: 240
Joined: Thu Aug 27, 2015 5:22 pm
Location: down under

Re: Open Process Shell

Post by liveme » Mon Mar 22, 2021 8:26 pm

Talking about the wolf :lol: ... https://youtu.be/hWDvS_Mp6gc
might answer your footsteps wipe out concern...

mwieder
VIP Livecode Opensource Backer
Posts: 3581
Joined: Mon Jan 22, 2007 7:36 am
Location: Berkeley, CA, US

Re: Open Process Shell

Post by mwieder » Mon Mar 22, 2021 11:06 pm

The Qubes OS is awesome.
You could also push to the next level with a Purism computer
https://puri.sm/
