lifepillar / CSVKeychain

Import/export between Apple Keychain.app and plain CSV file.
Security Question #16

Open nickpapadonis opened 2 years ago

nickpapadonis commented 2 years ago

The comments say "The script always asks for the password to unlock your keychain (you recognise the dialog by the Script Editor icon). Since that dialog is not very secure, it is recommended that you change your keychain's password in Keychain.app before exporting your keychain, and restore the original password afterwards."

Can anyone comment further on the security issue with more details of how an exploit could occur? Thanks

lifepillar commented 2 years ago

You may see how the keychain is dumped in dumpKeychainWithPasswords(). In particular, the dialog mentioned in the Readme is just a normal AppleScript dialog. Therefore, the keychain's password is stored in an AppleScript variable as long as the script is running. The password is literally typed by allowSecurityAccess() (see this line)—hopefully, in the right dialog.

There are many things that could go wrong here, from running a maliciously modified script to gaining access to the process's memory, to somehow¹ forcing the password to be typed into the wrong location. Temporarily changing the password may be a mitigation, but does not necessarily protect against such threats.

Some context: I wrote this script to migrate from Apple Keychain to another password manager (KeePassXC). So, the idea is that I needed to run it once, and then delete the keychain and never reuse its password. I'd advise against using the script for other purposes than a one-shot export.

¹ E.g., by switching to another app (Cmd-Tab) while the script is running.