sindresorhus / pure

Pretty, minimal and fast ZSH prompt
MIT License

passwords can be leaked to accessibility apps via setting window titles #575

Closed ibash closed 2 years ago

ibash commented 4 years ago

General information

System report (output of prompt_pure_system_report):

Problem description

Pure sets the current command as the window title, but if you ever type a password in plain text (e.g. paste in a psql command) that password is now set into the title. Any app can then read that.

Reproduction steps

  1. Install pure and iterm2
  2. Paste in a potentially sensitive long running command like "psql ..."

My .zshrc:

source /usr/local/share/antigen/antigen.zsh
antigen bundle sindresorhus/pure
antigen apply

Mostly wanted to open this issue up for discussion on what a good solution is. A good solution might be don't paste passwords into commands :p

sindresorhus commented 4 years ago

On macOS 10.15 and later, an app needs accessibility permission to read window titles.

ibash commented 4 years ago

Yep, I noticed this via my time tracking app, so the issue title makes it seem worse than it is (since I've explicitly given permission to that app).

msagarpatel commented 2 years ago

I know this has been open for a while, but I kinda don't see the point being made. Yes, the entire command is visible in the window title, but passwords should not be passed as command line parameters anyway since other programs such as ps and top can see all arguments of any process, even without sudo or a suid binary.

Am I missing something, or should this be closed?

A good solution might be don't paste passwords into commands :p

This is the solution.
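One mitigation for the concern raised in this thread is to redact secret-looking values from the command line before it is written into the terminal title. The following is an added example written for this page, not Pure's own code; the function names and the regular-expression heuristics are assumptions, and the patterns are best-effort rather than a guarantee of catching every secret.

```shell
# Added example (not Pure's code): scrub likely credentials from a command
# before using it as the window title, the way a zsh preexec hook would.
# Heuristics cover user:pass@ in URIs, common *_PASSWORD-style env
# assignments, --password/--token style flags, and password= in conninfo.

redact_for_title() {
    # $1: the command line about to run. Prints a copy with secret-looking
    # values replaced by "***". Unmatched input is printed unchanged.
    printf '%s\n' "$1" | sed -E \
        -e 's#(://[^:/@[:space:]]+:)[^@[:space:]]+@#\1***@#g' \
        -e 's/((PGPASSWORD|MYSQL_PWD|AWS_SECRET_ACCESS_KEY)=)[^[:space:]]+/\1***/g' \
        -e 's/(--?(password|passwd|token|secret)[=[:space:]]+)[^[:space:]]+/\1***/g' \
        -e 's/(password=)[^[:space:]&]+/\1***/g'
}

set_title_redacted() {
    # Write the redacted command into the xterm window title (OSC 0).
    printf '\033]0;%s\a' "$(redact_for_title "$1")"
}

# Constructed sample commands (placeholder hosts and secrets) showing what
# would reach the title after redaction.
for cmd in \
    'psql postgres://alice:s3cret@db.example.com:5432/app' \
    'PGPASSWORD=hunter2 psql -h db -U alice app' \
    'mysql -u root --password=topsecret app' \
    'psql "host=db user=alice password=pw123 dbname=app"' \
    'ls -la'
do
    printf 'title: %s\n' "$(redact_for_title "$cmd")"
done
```

A zsh user could call set_title_redacted from a preexec hook in place of writing the raw command into the title.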