Open Process Shell
Hi-
Just working on a program to create a password protected archive on a Linux system and have a couple of questions about logs and other traces that might be left on disk or memory of the passwords and files being archived.
At this time I have a bash script that can be executed by either the shell command or open process:
Are there any residuals left by LiveCode or Linux using either of these commands?
Bash script is like:
#!/bin/bash
find '/some dir' -type f -newermt "2020-12-31" | zip -Z bzip2 --password password '/TEST.bzip2' -@
I have looked but not found anything about what may be left from these commands.
I know that executing from the terminal leaves a history in .bash_history which can be taken care of with shred.
Am leaning to using open process in this program.
Thanks for any information you can furnish.
Terry
Re: Open Process Shell
I take it this is for a client system and not on your own computer.
Since you're issuing the password in cleartext, does it show up in strace logging?
Other than that I can't think of any side effects other than the history trace.
PowerDebug http://powerdebug.ahsoftware.net
PowerTools http://www.ahsoftware.net/PowerTools/PowerTools.irev
Re: Open Process Shell
mweider
Thanks for the information.
This is for my own system.
Mostly just creating backup archives, but there are a few files that I want to password protect.
I request the password from the user and then generate the bash script or pass it with the shell command. So at some time the password would be in clear text, unless there is another way to pass the password that I am not aware of. If a bash script then it gets shredded by the program.
From a brief look at strace it looks like it has to be started with the actual command. I will look into this further.
I would guess that whatever I do someone might be able to recover the password.
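An added example, not from any poster in this thread: a POSIX sh check, assuming a Linux /proc filesystem, of whether a password handed to a child process shows up in that process's argument list, first passed as in `zip --password ...` and then written to the child's stdin through a pipe. `stand-in-archiver` is a hypothetical placeholder and the child is a plain `sh` that sleeps; tools such as gpg (`--passphrase-fd`) and openssl (`-pass fd:N`) accept a passphrase on a file descriptor in the way the second function models.

```shell
#!/bin/sh
# Added example: is a secret visible in a child's argument list?
# "stand-in-archiver" is a hypothetical placeholder for the real tool; the
# child is a plain sh that sleeps so there is time to inspect it.

# Return 0 if SECRET appears in the argv of process PID, 1 if not,
# 2 if /proc/PID/cmdline cannot be read.
secret_in_cmdline() {
    pid=$1 secret=$2
    [ -r "/proc/$pid/cmdline" ] || return 2
    # argv entries are NUL-separated; turn them into spaces for matching
    args=$(tr '\0' ' ' < "/proc/$pid/cmdline")
    case $args in
        *"$secret"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Password passed as an argument. Echoes "exposed" or "hidden".
check_argv_style() {
    # "; :" keeps sh from replacing itself with sleep, so its argv stays put
    sh -c 'sleep 2; :' stand-in-archiver --password "$1" &
    child=$!
    sleep 1                      # let the child exec before inspecting it
    if secret_in_cmdline "$child" "$1"; then r=exposed; else r=hidden; fi
    wait "$child"
    echo "$r"
}

# Password written to the child's stdin through a pipe. printf is a shell
# builtin, so the secret is never an argument of any exec'd program.
check_pipe_style() {
    printf '%s\n' "$1" | sh -c 'read -r pw; sleep 2; :' stand-in-archiver &
    child=$!
    sleep 1
    if secret_in_cmdline "$child" "$1"; then r=exposed; else r=hidden; fi
    wait "$child"
    echo "$r"
}
```

The same `secret_in_cmdline` check can be pointed at the PID of a real archiver run to confirm how a given invocation behaves.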
Re: Open Process Shell
If the bad guy is in the room with you running strace on your computer, he also has access to the unencrypted copy of your files.
Besides, you'll likely be too busy fistfighting with this intruder in your home for either of you to be very concerned about your files.
The old mantra "physical access = root" reminds us of the importance of securing a system's physical location. The remedy for that problem isn't in the computer at all, but at the front door to your home.
Once physical access to a system is acquired, there are too many ways to bypass security measures to make it worthwhile spending more time thinking about the system than the physical premises.
If your concern is unauthorized network access, and if your program calls bash internally with the shell function, the call will not be run with strace and the risk seems reasonably mitigated.
Did I miss something?
Richard Gaskin
LiveCode development, training, and consulting services: Fourth World Systems
LiveCode Group on Facebook
LiveCode Group on LinkedIn
Re: Open Process Shell
Hi Terry,
Yop, good question, maybe some expert at a BZip company could let you know more about that.
Another way around would be to boot away from your disk drive on an OS that only runs in your memory - if that is practical enough.
Rebooting does not take that long - depending your HW - and you still have access to your "HD" files.
Last, use some Virtual Machine system image : load - run Zip - delete the whole image ..and I guess you would not leave traces.
https://en.wikipedia.org/wiki/List_of_L ... n_from_RAM
As for picking up a strong password, which after all is your real defense:
https://bitwarden.com/password-strength/
Don't use anything below 8...or just go for 16 or more characters, would take centuries to break.
(maybe less if your hacker is the head engineer in charge of a Fugaku super computer...would be fun to see how long it'll take it)
hmmm....go for a 100 char long PW then... !
Hope it helps - Terii !
PS: LC allows aes-256 use - as far as I know (ahead of the zipping process likely)..if stronger 512, 10xx is also possible, I'd go for it...with salting always !
Re: Open Process Shell
Yeah, I only brought up strace in the event you were packaging up a standalone app to run on client systems, in which case the trace log might reveal the embedded password. Since this is for your own system that shouldn't be an issue.
Re: Open Process Shell
Talking about the wolf ... https://youtu.be/hWDvS_Mp6gc
might answer your footsteps wipe out concern...
Re: Open Process Shell
Qubes OS is awesome.
You could also push to the next level with a Purism computer
https://puri.sm/