Sunday, 13 February 2011

Root shell in Mac OS X using system dialog

I run OS X as a standard user and often need to do admin-y things. I like OS X's use of sudo but feel uneasy about typing an administrator password into a terminal even with "Secure Keyboard Entry" on. Supposing somebody exploited some browser hole and got access as me, it seems to me it's just a little easier to alias sudo to something evil than it is to fake the system authentication dialog (the one provided by SecurityAgent). Using the SecurityAgent dialog has its problems (I'd really like to see the show-picture-chosen-by-user approach that online banking uses) but as I always trigger it explicitly it'd require a human to poke around. So, using a variant of the technique from Mac OS X Hints:

osascript -e \
"do shell script \
\"/Applications/Utilities/\" \
with administrator privileges" &>/dev/null &

This'll prompt for admin login details using the system authentication dialog (SecurityAgent) then start a new with a root shell inside. Conveniently enough it also turns the menu bar blue restores the default menu bar transparency whenever the terminal has focus, making it easy to tell which you're using even if you don't set a special background colour.

UPDATE : two minor disadvantages to this approach if you (constantly) have a Terminal running as a normal user:

  • if you quit the normal user Terminal, you can't restart it from the dock; seems the dock sees the root one and assumes your click is redundant

  • if you use OpenTerminalHere then it opens the new terminal in the root Terminal — which I guess means "Secure Keyboard Entry" prevents only eavesdropping and not stuffing commands/keys into it

No comments:

Post a Comment