krypted.com

Tiny Deathstars of Foulness

Just some one-liners you may find useful… I’ve written about codesign a few times in the past. To see a detailed description of how an app was signed:

codesign -dvvvv /Applications/Firefox.app

This also gives you the bundleID for further inspection of an app. But there are a number of tools you can use to check out signing and go further into entitlements and sandboxing. You can check the 

asctl sandbox check --bundle com.microsoft.outlook

The response would be similar to 

/Applications/Microsoft Outlook.app:

signed with App Sandbox entitlements

In the above, we see that Outlook has entitlements to do some things. But where do you see an indication of what it can do? There are a number of sandbox profiles located in /usr/share/sandbox and the more modern /System/Library/Sandbox/Profiles/, and Versions/A/Resources inside each framework should have a .sb file, but those are the Apple sandbox profiles. Additionally, you can see what each app has access to using the container_check.rb script:

/usr/libexec/AppSandbox/container_check.rb -c com.microsoft.outlook --for-user charles.edge --stdout

Simply strip the -c option and the container name that follows it and you'll get a list of all apps. When you're building and testing sandbox profiles for apps you plan to compile, you may want to test them. To do so, use sandbox-exec:

sandbox-exec -f /usr/share/sandbox/lockdown.sb /Applications/TextEdit.app/Contents/MacOS/TextEdit 
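The asctl output above only tells you that an app is "signed with App Sandbox entitlements". The script below is an added example, not code from the original post: it dumps an app's entitlements with codesign and classifies the bundle as sandboxed or not by looking for the com.apple.security.app-sandbox key. The parsing functions read plist text from stdin, so they are exercised here against a constructed sample plist (not a real app's dump) and run on any POSIX shell; only check_app needs macOS.

```shell
#!/bin/sh
# Added example (not from the original post): classify a macOS app bundle by its
# entitlements. codesign -d --entitlements :- prints the entitlements plist; the
# ":-" form strips the blob header (on recent macOS, "--entitlements - --xml"
# prints the same plist).

# Print "sandboxed" or "not-sandboxed" for an entitlements plist read from stdin.
# Whitespace is stripped first so the <key> and its <true/> value become adjacent.
sandbox_status() {
  if tr -d '\n\t ' | grep -q '<key>com.apple.security.app-sandbox</key><true/>'; then
    echo sandboxed
  else
    echo not-sandboxed
  fi
}

# List every entitlement key in a plist read from stdin, one per line.
entitlement_keys() {
  grep -o '<key>[^<]*</key>' | sed 's/<key>\(.*\)<\/key>/\1/'
}

# macOS only: dump an app bundle's entitlements and classify it.
check_app() {
  codesign -d --entitlements :- "$1" 2>/dev/null | sandbox_status
}

# Constructed sample plists (hypothetical, not dumped from a real app).
SAMPLE_SANDBOXED='<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
</dict>
</plist>'

SAMPLE_PLAIN='<plist version="1.0"><dict><key>com.apple.security.get-task-allow</key><true/></dict></plist>'

# Usage on macOS: sh sandbox_check.sh /Applications/Firefox.app /Applications/TextEdit.app
if [ "$#" -gt 0 ]; then
  for app in "$@"; do
    printf '%s: %s\n' "$app" "$(check_app "$app")"
  done
fi
```

Pair the classification with entitlement_keys when you want the full picture: an app that is sandboxed but also holds com.apple.security.temporary-exception keys has been granted paths around the sandbox, which is exactly what the container_check.rb output lets you cross-check.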

As of 10.14, any app looking to access Location Services, Contacts, Calendars, Reminders, Photos, Camera, Microphone, Accessibility, the hard drive, Automation services, Analytics, or Advertising kit will prompt the user to accept that connection. This is TCC, or Privacy Preferences. You can programmatically remove items, but not otherwise augment or view the data, via the tccutil command and its only currently supported verb, reset:

tccutil reset SERVICE com.smileonmymac.textexpander

October 1st, 2018

Posted In: Mac OS X, Mac Security


By default, MySQL allows other services on the computer you're running the daemon on to connect to the database and denies any connections from hosts outside that computer. However, it's pretty easy to provide access to the database from another host (for example, if you're splitting up the back-end and front-end of a site, clustering, etc.). To get started, you'll edit your my.cnf file and find the [mysqld] section of the file. Then, locate the bind-address, which you will need to set to the IP of your server, and comment out the line for skip-networking. Let's say we're going to open access for 192.168.2.2. The section would look similar to the following:

[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
language = /usr/share/mysql/English
bind-address = 192.168.2.2
# skip-networking

Then restart MySQL and a listener should be running on the system. You can connect using the mysql command, with the -u option to define a user (root) and then -h to define an IP (in this case 192.168.2.2):

mysql -u root -h 192.168.2.2 -p

You can also use the telnet command to attempt a connection into a given port, which in the MySQL case would be 3306:

telnet 192.168.2.2 3306

Now, just because you can connect remotely doesn't necessarily mean that another computer can actually get into any databases. Next, we'll GRANT access to ALL resources for a user called krypted for all tables on a new database, coming from an IP of 192.168.2.3:

GRANT ALL ON *.* TO 'krypted'@'192.168.2.3' IDENTIFIED BY 'mysupersecretpassword';

Or for an existing database called mydatabase, using the same IP and account as before (the grant tables live in the mysql schema and their names are lowercase, and after editing them directly the privileges have to be reloaded):

UPDATE mysql.db SET Host='192.168.2.3' WHERE Db='mydatabase';
UPDATE mysql.user SET Host='192.168.2.3' WHERE User='krypted';
FLUSH PRIVILEGES;

You'll also need to open up port 3306 coming in, whether that's using a firewall or opening traffic in from the internets.
Once that's done, you should be able to connect and use the database as needed.
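Before restarting mysqld it is worth checking what the edited [mysqld] section actually exposes, because a bind-address of 0.0.0.0 (or a deleted line) opens the listener on every interface rather than the one server IP the post uses. The script below is an added example, not code from the original post: it parses a my.cnf from stdin and classifies the network exposure. The my.cnf fragments are constructed for the example (the first mirrors the post's opened-up section, the others are hypothetical weak variants); the classification labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): classify how a my.cnf exposes
# mysqld on the network. Usage against a real file: network_exposure < /etc/my.cnf

# Print the [mysqld] section of the my.cnf on stdin, dropping blank and
# comment lines (a commented-out "# skip-networking" therefore does not count).
mysqld_section() {
  awk '
    /^[[:space:]]*\[/ { insec = ($0 ~ /^[[:space:]]*\[mysqld\]/); next }
    insec && NF > 0 && $0 !~ /^[[:space:]]*[#;]/ { print }
  '
}

# Classify the exposure: disabled, unset, local-only, all-interfaces, or
# "single-address <ip>" (the post's intended configuration).
network_exposure() {
  section=$(mysqld_section)
  if printf '%s\n' "$section" | grep -q '^[[:space:]]*skip-networking'; then
    echo disabled
    return
  fi
  # Last bind-address wins, as it does for mysqld itself when a key repeats.
  bind=$(printf '%s\n' "$section" \
    | sed -n 's/^[[:space:]]*bind-address[[:space:]]*=[[:space:]]*//p' \
    | tail -n 1 | tr -d ' \t')
  case "$bind" in
    '')                        echo unset ;;
    127.0.0.1|localhost|::1)   echo local-only ;;
    0.0.0.0|'*'|::)            echo all-interfaces ;;
    *)                         echo "single-address $bind" ;;
  esac
}

# Constructed my.cnf fragments (not from a real server).
CNF_SINGLE='[mysqld]
user = mysql
port = 3306
bind-address = 192.168.2.2
# skip-networking

[client]
port = 3306'

CNF_ALL='[mysqld]
bind-address = 0.0.0.0'

CNF_OFF='[mysqld]
skip-networking
bind-address = 0.0.0.0'

# Demo when run directly: classify each constructed fragment.
for cnf in "$CNF_SINGLE" "$CNF_ALL" "$CNF_OFF"; do
  printf '%s\n' "$cnf" | network_exposure
done
```

An "all-interfaces" result means the firewall rule for port 3306 is the only thing keeping hosts other than 192.168.2.3 off the listener, so in that case the GRANT's Host restriction and the firewall rule are both load-bearing.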

February 25th, 2016

Posted In: SQL
