SECURE!

Part of the CLIX 1.8.0a package released today.

CLIX is safer and more secure than the command line (Terminal.app). To achieve this security you must take a few steps. It's recommended you take these steps immediately.

Get It Try It

The Dangers!

Rather than enumerating the dangers here the CLIX user is referred to the Rixstep website where a plethora of articles on the subject is available. A good starting point might be to search through Google.

http://www.google.com/search?q=CLIX+site:rixstep.com

The Remedies!

The most important thing is to secure your sudo configuration. sudo is the program that escalates your privileges to 'root' - you don't want anybody or anything getting this privilege escalation except yourself.

1. You have to run visudo. From a command line. You must do this from an administrator account.
2. Go to a command prompt (Terminal.app) and type in 'sudo visudo'. You'll be prompted for your passphrase. Give it.
3. Use arrow down to get to the line that says '# Defaults specification'. Hit 'o' on your keyboard.
4. Type in 'Defaults tty_tickets'. Hit Enter. Type in 'Defaults:ALL timestamp_timeout=0'. Hit <Esc>.
5. You should now have this.

   # Defaults specification
   Defaults tty_tickets
   Defaults:ALL timestamp_timeout=0

6. Type ':q!' if you make a mistake and want to exit without saving changes.
7. Type ':w' followed by Enter then ':q' followed by Enter to save your changes.

What You've Done

You've just made sure interlopers can't 'piggyback' on your privilege escalation. Normally a privilege authentication is good for five minutes; this means any other process could try (repeatedly) to escalate to 'root' without a passphrase.

All Terminal.app sessions are run in so called 'TTYs'. Each Terminal window is a separate 'TTY'. Setting 'tty_tickets' stops Terminal.app windows from sharing privilege escalation; setting 'Defaults:ALL timestamp_timeout=0' stops rogue processes (or users) from 'piggybacking' on your previous privilege escalation - each new invocation of sudo will require your administrator passphrase.

Using CLIX

CLIX takes your administrator passphrase but never saves it to disk. CLIX also wipes its own memory and all other vestiges of your passphrase if your computer goes to sleep and 'kills' the sudo timestamp 'just in case', in effect securing the rest of your system (including Terminal.app) as well.

CLIX also prefaces and suffixes all its commands by killing the sudo timestamp for extra protection.

CLIX also sanitises your $PATH variable before running any commands, using an immutable kernel variable to do this. It also conducts a number consistency checks on startup and refuses to run commands if anything's been tampered with.

It's recommended that you secure all external scripts run through CLIX by making them read-only and owned by root. In addition you can use the new 'sudo prompt' feature to alert you whenever your command or a script it invokes is in turn invoking sudo.

Commands to configure this feature are found in ./etc/_clix.clix.