Topics

Is i possible hide AppleScript "do shell script" commands from bash/bash history?

David Wegener laptop
 

I was recommended to come here, by some knowledgeable folks on a Filemaker Pro forum.

So, I'm using some older versions in an active filemaker solution (FMPA 13, 14, 15), and need to enhance some security features.

 
This is within a database solution that's 'in the wild', on customers' Macs around the world. We don't really want them being able to view certain encrypted data nuggets (which may need to be sent back & forth via email).  And for certain other reasons, we can't force an upgrade to a different database version (with built-in encryption)..

 

So, to accomplish this, I use Applescript to pass data from a field into an openssl shell for encryption, then put results into an encrypted data field..

 

Calculated AppleScript here:

"property targetCell: \"cp_thisismyencrypteddatafield\" ¶

set theResult to do shell script \"echo " & cp_thisismydatasourcefield & " | openssl aes-256-cbc -k thisisMYP5SSW0rd! -base64\" ¶

copy theResult to cell targetCell of current record"

 

So, this work perfectly well, in that I'm able to pass both data and a password into openssl for encryption, and pass back.

 

My concern is this: is this action visible to prying eyes?  I've been given multiple conflicting answers from multiple 'experts', but would really appreciate someone who actually **IS** an expert to confirm or deny the security of this..

 

I thought perhaps I could see the command thru ./bash_history, but it doesn't show up.. Nor does it in any console logs that I can find... nor in 'history' (as either a user or as root). Some folks have said that a 'do shell script' (being non-interactive) is shielded from bash history...

 

But all of this is moot without something definitive - I am concerned that a well-informed hacker can perform some level of 'ps aux' at some point and actually see (or log) that shell script going by... is that so?

 

1. IF it can be logged or viewed, how?  Can I replicate that action (to prove/disprove it)?

2. IF it can be viewed, is there another (better) way to do this, without any plug-ins (yeah, i'm biased against 3rd party plug-ins), which would hide it from sight/log?

3. IF it IS hidden, (but I created a variable  - theResult), is theResult visible anywhere (or could someone simply dump that variable into plaintext somehow)?  Or does that variable self-flush when I end the script?

 

Thanks for any definitive clarity on this!


Deivy Petrescu
 

On Dec 28, 2017, at 09:48 , davew@... wrote:

I was recommended to come here, by some knowledgeable folks on a Filemaker Pro forum.

So, I'm using some older versions in an active filemaker solution (FMPA 13, 14, 15), and need to enhance some security features.


This is within a database solution that's 'in the wild', on customers' Macs around the world. We don't really want them being able to view certain encrypted data nuggets (which may need to be sent back & forth via email). And for certain other reasons, we can't force an upgrade to a different database version (with built-in encryption)..


So, to accomplish this, I use Applescript to pass data from a field into an openssl shell for encryption, then put results into an encrypted data field..


Calculated AppleScript here:

"property targetCell: \"cp_thisismyencrypteddatafield\" ¶

set theResult to do shell script \"echo " & cp_thisismydatasourcefield & " | openssl aes-256-cbc -k thisisMYP5SSW0rd! -base64\" ¶

copy theResult to cell targetCell of current record"


So, this work perfectly well, in that I'm able to pass both data and a password into openssl for encryption, and pass back.


My concern is this: is this action visible to prying eyes? I've been given multiple conflicting answers from multiple 'experts', but would really appreciate someone who actually **IS** an expert to confirm or deny the security of this..


I thought perhaps I could see the command thru ./bash_history, but it doesn't show up.. Nor does it in any console logs that I can find... nor in 'history' (as either a user or as root). Some folks have said that a 'do shell script' (being non-interactive) is shielded from bash history...


But all of this is moot without something definitive - I am concerned that a well-informed hacker can perform some level of 'ps aux' at some point and actually see (or log) that shell script going by... is that so?


1. IF it can be logged or viewed, how? Can I replicate that action (to prove/disprove it)?

2. IF it can be viewed, is there another (better) way to do this, without any plug-ins (yeah, i'm biased against 3rd party plug-ins), which would hide it from sight/log?

3. IF it IS hidden, (but I created a variable - theResult), is theResult visible anywhere (or could someone simply dump that variable into plaintext somehow)? Or does that variable self-flush when I end the script?


Thanks for any definitive clarity on this!
Dave, you will not be able to see the command in your Terminal.
do shell script does not use Terminal to send it commands, so it is sheltered from Terminal’s command history.
However, thisisMYP5SSW0rd! is legible in the script, meaning if you “open” the script on a text editor, it will be there for everyone to see.
There was a big discussion here and Shane managed to break all the passwords.
May be something has changed, but I don’t think so.

I am thinking of a way to save passwords securely on an AS, but haven’t worked on that yet!


Deivy Petrescu
applescript@...

Shane Stanley
 

On 30 Dec 2017, at 9:46 am, Deivy Petrescu <applescript@...> wrote:

However, thisisMYP5SSW0rd! is legible in the script, meaning if you “open” the script on a text editor, it will be there for everyone to see.
There was a big discussion here and Shane managed to break all the passwords.
May be something has changed, but I don’t think so.
There is a way around that issue: stop the script from storing its properties and top-level variable values. That means doing something like changing its privileges, code-signing it, or even using a top-level ASObjC variable. Of course that assumes the script doesn't otherwise rely on property persistence.

I am thinking of a way to save passwords securely on an AS, but haven’t worked on that yet!
Store it in a keychain?

--
Shane Stanley <sstanley@...>
<www.macosxautomation.com/applescript/apps/>, <latenightsw.com>

David Wegener laptop
 


On Dec 29, 2017, at 5:46 PM, Deivy Petrescu <applescript@...> wrote:


On Dec 28, 2017, at 09:48 , davew@... wrote:

I was recommended to come here, by some knowledgeable folks on a Filemaker Pro forum.
So, I'm using some older versions in an active filemaker solution (FMPA 13, 14, 15), and need to enhance some security features.
This is within a database solution that's 'in the wild', on customers' Macs around the world. We don't really want them being able to view certain encrypted data nuggets (which may need to be sent back & forth via email).  And for certain other reasons, we can't force an upgrade to a different database version (with built-in encryption)..
So, to accomplish this, I use Applescript to pass data from a field into an openssl shell for encryption, then put results into an encrypted data field..
Calculated AppleScript here:
"property targetCell: \"cp_thisismyencrypteddatafield\" ¶
set theResult to do shell script \"echo " & cp_thisismydatasourcefield & " | openssl aes-256-cbc -k thisisMYP5SSW0rd! -base64\" ¶
copy theResult to cell targetCell of current record”

So, this work perfectly well, in that I'm able to pass both data and a password into openssl for encryption, and pass back.
My concern is this: is this action visible to prying eyes?  I've been given multiple conflicting answers from multiple 'experts', but would really appreciate someone who actually **IS** an expert to confirm or deny the security of this..
I thought perhaps I could see the command thru ./bash_history, but it doesn't show up.. Nor does it in any console logs that I can find... nor in 'history' (as either a user or as root). Some folks have said that a 'do shell script' (being non-interactive) is shielded from bash history...


But all of this is moot without something definitive - I am concerned that a well-informed hacker can perform some level of 'ps aux' at some point and actually see (or log) that shell script going by... is that so?


1. IF it can be logged or viewed, how?  Can I replicate that action (to prove/disprove it)?
2. IF it can be viewed, is there another (better) way to do this, without any plug-ins (yeah, i'm biased against 3rd party plug-ins), which would hide it from sight/log?
3. IF it IS hidden, (but I created a variable  - theResult), is theResult visible anywhere (or could someone simply dump that variable into plaintext somehow)?  Or does that variable self-flush when I end the script?
Thanks for any definitive clarity on this!


Dave, you will not be able to see the command in your Terminal. 
do shell script does not use Terminal to send it commands, so it is sheltered from Terminal’s command  history.
However, thisisMYP5SSW0rd! is legible in the script, meaning if you “open” the script on a text editor, it will be there for everyone to see.
There was a big discussion here and Shane managed to break all the passwords.
May be something has changed, but I don’t think so.

I am thinking of a way to save passwords securely on an AS, but haven’t worked on that yet!


Deivy Petrescu
applescript@...

Delvy

Thanks for the followup on that.
my particular application of this is within a Filemaker Pro process - a script which runs this applescript in the background.  The user never sees the actual script (or even that it’s an applescript).
So (it sounds to me) then it will be impossible for anyone to actually see the password or the actual process?

tx

twhite_L1@twdesigns.com
 

Hi All,

I recommended that davew@... post on this list.

Here is my earlier reply to his question...
https://community.filemaker.com/message/725167?commentID=725167&et=notification.mention#comment-724808
Hope that helps.

Tony White
http://www.twdesigns.com
http://FileMaker-Fanatics.com


On 12/28/17 9:48 AM, "davew@..." <davew@...> wrote:

I was recommended to come here, by some knowledgeable folks on a Filemaker Pro forum.

So, I'm using some older versions in an active filemaker solution (FMPA 13, 14, 15), and need to enhance some security features.

 
This is within a database solution that's 'in the wild', on customers' Macs around the world. We don't really want them being able to view certain encrypted data nuggets (which may need to be sent back & forth via email).  And for certain other reasons, we can't force an upgrade to a different database version (with built-in encryption)..

 

So, to accomplish this, I use Applescript to pass data from a field into an openssl shell for encryption, then put results into an encrypted data field..

 

Calculated AppleScript here:

"property targetCell: \"cp_thisismyencrypteddatafield\" ¶

set theResult to do shell script \"echo " & cp_thisismydatasourcefield & " | openssl aes-256-cbc -k thisisMYP5SSW0rd! -base64\" ¶

copy theResult to cell targetCell of current record"

 

So, this work perfectly well, in that I'm able to pass both data and a password into openssl for encryption, and pass back.

 

My concern is this: is this action visible to prying eyes?  I've been given multiple conflicting answers from multiple 'experts', but would really appreciate someone who actually **IS** an expert to confirm or deny the security of this..

 

I thought perhaps I could see the command thru ./bash_history, but it doesn't show up.. Nor does it in any console logs that I can find... nor in 'history' (as either a user or as root). Some folks have said that a 'do shell script' (being non-interactive) is shielded from bash history...

 

But all of this is moot without something definitive - I am concerned that a well-informed hacker can perform some level of 'ps aux' at some point and actually see (or log) that shell script going by... is that so?

 

1. IF it can be logged or viewed, how?  Can I replicate that action (to prove/disprove it)?

2. IF it can be viewed, is there another (better) way to do this, without any plug-ins (yeah, i'm biased against 3rd party plug-ins), which would hide it from sight/log?

3. IF it IS hidden, (but I created a variable  - theResult), is theResult visible anywhere (or could someone simply dump that variable into plaintext somehow)?  Or does that variable self-flush when I end the script?

 

Thanks for any definitive clarity on this!



David Wegener laptop
 

On Dec 29, 2017, at 6:02 PM, Shane Stanley <sstanley@...> wrote:

On 30 Dec 2017, at 9:46 am, Deivy Petrescu <applescript@...> wrote:

However, thisisMYP5SSW0rd! is legible in the script, meaning if you “open” the script on a text editor, it will be there for everyone to see.
There was a big discussion here and Shane managed to break all the passwords.
May be something has changed, but I don’t think so.
There is a way around that issue: stop the script from storing its properties and top-level variable values. That means doing something like changing its privileges, code-signing it, or even using a top-level ASObjC variable. Of course that assumes the script doesn't otherwise rely on property persistence.
My primary interest in using AS is in conjunction with a Filemaker app, where Filemaker creates and stores the AS within a calculated FM script (which is then hidden from the user, and passes the ‘do shell script’ upon command).
In addition, I pass both the data and the key as variables (from FM fields), rather than keeping them in a static AS..

Is that any better, or just as vulnerable?


tx



I am thinking of a way to save passwords securely on an AS, but haven’t worked on that yet!
Store it in a keychain?

--
Shane Stanley <sstanley@...>
<www.macosxautomation.com/applescript/apps/>, <latenightsw.com>




Shane Stanley
 

On 31 Dec 2017, at 2:21 pm, David Wegener laptop <davew@...> wrote:

My primary interest in using AS is in conjunction with a Filemaker app, where Filemaker creates and stores the AS within a calculated FM script (which is then hidden from the user, and passes the ‘do shell script’ upon command).
In addition, I pass both the data and the key as variables (from FM fields), rather than keeping them in a static AS..

Is that any better, or just as vulnerable?
It sounds like it removes the vulnerability of stored variable values.

--
Shane Stanley <sstanley@...>
<www.macosxautomation.com/applescript/apps/>, <latenightsw.com>