# Communicating with the clipboard at the command line



## blb (Apr 29, 2001)

Just found you can communicate (copy/paste) with the clipboard (or pasteboard) from the command line; most likely to be found useful in shell scripts...

The commands are pbcopy and pbpaste:

```sh
echo -n "copy this" | pbcopy
```

copies the string 'copy this' to the clipboard (the -n is to keep echo from adding a newline).

Simply running pbpaste will output what's in the clipboard.


----------



## marmoset (Apr 29, 2001)

> _Originally posted by blb_
> *Just found you can communicate (copy/paste) with the clipboard (or pasteboard) from the command line; most likely to be found useful in shell scripts...*



Cool! Sounds like that could be very useful in conjunction with AEShell OSAX from within AppleScript as well...


----------



## deev (Apr 10, 2003)

As useful as this command can be, I seem to be stuck with it. Whenever I start a new shell, it runs "pbpaste | sh" and if there happens to be some text in the clipboard, this will get pasted and executed, which generally generates a "command not found".

I have looked in (some of these files didn't exist for me):

- /etc/csh.cshrc
- /etc/csh.login
- ~/.tcshrc & ~/.tcshistory
- ~/.cshrc
- ~/.history
- ~/.login
- ~/.cshdirs

This particular command isn't in any of these files. Is there some way I can reset my Terminal back to "vanilla" or the likes? My apologies if this is the wrong place to post such a question!

Please help, this is very annoying.  

deev


----------



## symphonix (Apr 10, 2003)

*Deev:* Have you checked the Terminal Preferences dialog? It is possible to set a command to be executed each time a term window opens by putting it here.
You might also delete the com.apple.Terminal.plist file from ~/Library/Preferences.

*BLB:* Thanks for the tip! That could make some really nifty shell script tricks that would be the envy of any Linux geek.


----------



## deev (Apr 10, 2003)

> _Originally posted by symphonix_
> *Deev: Have you checked the Terminal Preferences dialog? it is possible to set a command to be executed each time a term window opens by putting it here.
> You might also delete the com.apple.Terminal.plist file from ~/Library/Preferences.*



Cheers symphonix!! I checked the Preferences, but it was just set to the default. However, after deleting my .plist file the mysterious command was gone. Yay! All I had to do was reset my window settings (am a big fan of white on deep blue) and away I go!

I shoulda known it would be something simple (relatively!).  

Thanks again,
deev
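A way to check startup files for the kind of entry deev describes, where clipboard contents are handed to a shell. This is an added example, not part of the original posts; the function names and the match pattern are assumptions, and the file list is the one named in the thread.

```sh
#!/bin/sh
# Added example: find startup files that feed the clipboard to a shell.

# ERE: pbpaste piped into sh/bash/csh/tcsh/zsh (optionally by path),
# or pbpaste used inside an eval.
CLIP_EXEC_RE='pbpaste[^|;]*[|][[:space:]]*(/[^[:space:]]*/)?(sh|bash|csh|tcsh|zsh)([^[:alnum:]_.-]|$)|eval[[:space:]].*pbpaste'

# find_clipboard_exec FILE...
# Prints "file:line:text" for every hit; returns 0 if anything matched, 1 otherwise.
find_clipboard_exec() {
    found=1
    for f in "$@"; do
        # deev noted that some of these files did not exist; skip those quietly.
        [ -f "$f" ] && [ -r "$f" ] || continue
        # -a: search a non-text preferences file as if it were text.
        if grep -a -n -H -E "$CLIP_EXEC_RE" "$f"; then
            found=0
        fi
    done
    return "$found"
}

# The files named in the thread (history files are not startup files and are left out).
audit_startup_files() {
    find_clipboard_exec \
        /etc/csh.cshrc /etc/csh.login \
        "$HOME/.tcshrc" "$HOME/.cshrc" "$HOME/.login" \
        "$HOME/Library/Preferences/com.apple.Terminal.plist"
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_startup_files || echo "no clipboard-to-shell command found"
fi
```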


----------



## michaelsanford (Apr 12, 2003)

blb, that is way .

What happens, though, if someone logs in over SSH, who is not the same user as the one at the con, and tries pbpaste? Will it display the console's clipboard?!


----------



## TommyWillB (Apr 12, 2003)

Picking up on what michaelsanford asked... I presume command line pbcopy & pbpaste are user-specific?

So if I'm logged in as me vs another user, will that only affect that particular user?

If I log in via ssh and do this at the same time someone is on the machine's GUI, could I screw with their pasteboard by doing this at the same time they are?

Are there security issues here?


----------



## onan (Apr 15, 2003)

Unfortunately, there is a single, globally readable and writable clipboard. Which is to say, yes, there is a huge security hole.

Unprivileged users can use tools like this to view whatever is on another user's (including root's) clipboard. Worse, another user writing anything to "their" clipboard will also change what all other users get.

Note that the problem isn't with pbcopy/pbpaste in particular, but rather the overall design of the clipboard service. Even if you remove these tools from your system, a user could create or install similar tools without needing any elevated privileges.

I've been complaining to Apple about this literally for years. This is one of a few issues which make macosx completely unsuitable as a production server platform in my mind.


----------



## michaelsanford (Apr 15, 2003)

Wow thanks onan; I kind of said that tongue-in-cheek assuming that something so blatant couldn't possibly be a security hole.

Most people wouldn't think of the clipboard as a security hole but take this situation: I receive an encrypted message which is honestly sensitive, and have to use PGPMail's freeware clipboard decryption tool to decrypt it. As soon as I do, a cron job running every 5 seconds outputs the clipboard to a file, then downloaded later by whomever.

hmm good bye clipboard encryption hello gpg...

Oh man, you can even use PHP or Perl to execute a shell command and write the contents of a server's clipboard to an email 

If you want more people to help you complain to Apple, add me to the list (PM me let's start a petition lol).


----------



## TommyWillB (Apr 15, 2003)

Hmmmm...

It was not that I didn't believe you, but I really wanted you to be wrong about this... So I tried it...

In fact I can log into command line as root and do copy/paste of my regular user's buffer.

Time for someone to make an AppleScript wrapper of this so that the buffer is replaced with "" after you paste...


----------



## michaelsanford (Apr 15, 2003)

I'm working on that right now 

Ok how about this. I'm writing a little shell app that would run via crond, and check the pb for specific strings defined by the user like "---PGP ENCRYP", "MasterCard" whatever, and then clear the pb after a specified amount of time, like 10 seconds or something.

It would have limited use though, especially since most people don't have multiple users or open access on their desktop systems...
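A sketch of the scrubber described in this post, as an added example that is not michaelsanford's own script. The function names, the polling interval and the `--watch` switch are assumptions; `pbpaste` and `pbcopy` are the commands from the first post, and the two patterns are the ones quoted above.

```sh
#!/bin/sh
# Added example: clear the pasteboard shortly after sensitive text lands on it.

# Fixed strings to look for, one per line (the two examples from the post).
# Do not leave a trailing blank line: an empty pattern matches everything.
SENSITIVE_PATTERNS='---PGP ENCRYP
MasterCard'
CLEAR_AFTER=10    # seconds the text may stay on the pasteboard
POLL_EVERY=1      # seconds between checks

# clip_is_sensitive: reads text on stdin, succeeds if any pattern occurs in it.
clip_is_sensitive() {
    grep -q -F -e "$SENSITIVE_PATTERNS"
}

# scrub_clipboard_once
# Returns 0 if the pasteboard was cleared, 1 if there was nothing to do,
# 2 if the pasteboard could not be read.
scrub_clipboard_once() {
    before=$(pbpaste) || return 2
    printf '%s\n' "$before" | clip_is_sensitive || return 1
    sleep "$CLEAR_AFTER"
    # Clear only if the same text is still there; the user may have
    # copied something else during the grace period.
    [ "$(pbpaste)" = "$before" ] || return 1
    pbcopy < /dev/null
}

# cron cannot fire more often than once a minute, so poll in a loop instead.
if [ "${1:-}" = "--watch" ]; then
    while :; do
        scrub_clipboard_once || true
        sleep "$POLL_EVERY"
    done
fi
```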


----------



## onan (Apr 18, 2003)

Unfortunately, narrowing the window in which people can read your sensitive information is a fairly limited solution. Even a second or two is all the time in the world for an automated attack.

And this still doesn't address the even more alarming issue of random users being able to modify or alter the pasteboard's contents. If I know an admin has the habit of modifying user accounts with the clipboard, I can write something to subtly modify that information, and change passwords to ones of my choosing, change my UID to zero, change my shell...

You could reimplement your own cli clipboard, with scripts that just redirect into and out of a file in your homedir, which would at least be unique to you. But that wouldn't interact with the gui clipboard at all, vastly reducing its utility.

Unfortunately, I don't think this is a problem that can be truly solved by anyone other than Apple.
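The file-backed command-line clipboard onan describes could look like the following. This is an added example, not code from the thread; the `~/.myclip` location and the `mycopy`, `mypaste` and `myclear` names are assumptions. As the post says, it does not touch the GUI clipboard.

```sh
#!/bin/sh
# Added example: a per-user clipboard kept in a file only its owner can read.

# Assumed location; the post only says "a file in your homedir".
MYCLIP_DIR="${MYCLIP_DIR:-$HOME/.myclip}"

# Create the directory with mode 700 and refuse anything that looks tampered with.
_myclip_prepare() {
    if [ -L "$MYCLIP_DIR" ]; then return 1; fi      # no symlinked directory
    ( umask 077; mkdir -p "$MYCLIP_DIR" ) || return 1
    chmod 700 "$MYCLIP_DIR" || return 1
    [ -O "$MYCLIP_DIR" ]                             # must belong to the caller
}

# mycopy: stdin -> private clipboard (stands in for pbcopy)
mycopy() {
    _myclip_prepare || return 1
    # mktemp creates the file with mode 600; write there, then rename into
    # place so a reader never sees a half-written clip.
    tmp=$(mktemp "$MYCLIP_DIR/clip.XXXXXX") || return 1
    if cat > "$tmp" && mv -f "$tmp" "$MYCLIP_DIR/clip"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# mypaste: private clipboard -> stdout (stands in for pbpaste)
mypaste() {
    _myclip_prepare || return 1
    [ -f "$MYCLIP_DIR/clip" ] && [ ! -L "$MYCLIP_DIR/clip" ] || return 1
    cat "$MYCLIP_DIR/clip"
}

# myclear: empty the private clipboard
myclear() {
    mycopy < /dev/null
}
```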


----------



## michaelsanford (Apr 18, 2003)

I was thinking about that, and yeah you're right all you need is a cron job that runs every second.

One could write a kernel extension (kext) that traps the clipboard communication, but that is _way_ beyond my skill...

I have been hounding my hosting provider to give me shell access on the OS X Server machines, now I see why he won't...


----------



## wiz (Apr 18, 2003)

WOW! major security issue.

BTW: speaking of security, is there any way to disable keyboard probes, or whatever they are called, those tiny processes running in the background logging all ur keystrokes. It seems on windows platforms with eh, single user access, it's quite impossible?


----------



## michaelsanford (Apr 19, 2003)

Yes as far as I know there's no way to prevent _keyloggers_ from trapping what you type.

Well, of course, we're only talking about once they're running. If you can prevent one being installed in the first place, that's much better...


----------

