"security" command line utility does not expand tilde in keychain paths in interactive mode

Originator: argentumko
Number: rdar://21812218
Date Originated: 14-Jul-2015
Status: Open
Resolved:
Product: OS X
Product Version: 10.10.4 (14E46)
Classification: Security
Reproducible: Always
 
Summary:
When the "security" command line utility is used in interactive mode (launched with the "-i" option) to manage keychains, any command that takes a keychain file path as its last parameter mishandles that parameter if it is a relative path starting with a tilde (~). Instead of expanding the tilde to the current user's home directory, the command appends the path to "/Users/<username>/Library/Keychains/" and uses the result as an absolute path, creating directories if needed. This affects commands such as "create-keychain", "delete-keychain", "lock-keychain", "unlock-keychain", "set-keychain-password", "set-keychain-settings", etc.

Steps to Reproduce:
For example, say we want to create a keychain and put the keychain file on the current user's desktop.

1. Launch Terminal.
2. Launch "security" in interactive mode by executing "security -i".
3. In the interactive console, paste "create-keychain "~/Desktop/test.keychain". You'll be asked to create and retype a password – anything will do.

Expected Results:
In this scenario, I expect the keychain file to be created on my desktop: in /Users/<username>/Desktop/test.keychain

Actual Results:
The keychain file is created at /Users/<username>/Library/Keychains/~/Desktop/test.keychain

Version:
OS X 10.10.4 (14E46)

Notes:
This issue does not affect non-interactive commands of the "security" utility.
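
A check for keychains that ended up in the location described under Actual Results, as an added example that is not part of the original report. The function names and the temporary directory tree are assumptions constructed for illustration; the script only reads the keychains directory and never calls "security".

```shell
#!/bin/sh
# Added example; function names and the constructed tree are hypothetical.

# Expand a leading "~" or "~/" to $HOME before a path is pasted into the
# interactive console. "~user" forms are returned unchanged.
expand_tilde() {
  case "$1" in
    "~")   printf '%s\n' "$HOME" ;;
    "~/"*) rest=${1#"~/"}; printf '%s\n' "$HOME/$rest" ;;
    *)     printf '%s\n' "$1" ;;
  esac
}

# List files under a literal "~" directory inside the keychains directory,
# which is where the report says tilde-prefixed paths end up.
find_misplaced_keychains() {
  kc_dir=${1:-"$HOME/Library/Keychains"}
  [ -d "$kc_dir/~" ] || return 0
  find "$kc_dir/~" -type f | sort
}

# Map a misplaced file ($2) under keychains dir ($1) to the intended path.
intended_path() {
  prefix="$1/~/"
  rel=${2#"$prefix"}
  printf '%s\n' "$HOME/$rel"
}

# Constructed sample layout reproducing the reported result.
make_constructed_tree() {
  root=$(mktemp -d) || return 1
  mkdir -p "$root/Library/Keychains/~/Desktop" "$root/Desktop"
  : > "$root/Library/Keychains/login.keychain"
  : > "$root/Library/Keychains/~/Desktop/test.keychain"
  printf '%s\n' "$root"
}

demo() (
  root=$(make_constructed_tree) || exit 1
  HOME=$root
  find_misplaced_keychains | while IFS= read -r f; do
    printf '%s\n  intended: %s\n' "$f" \
      "$(intended_path "$HOME/Library/Keychains" "$f")"
  done
  rm -rf "$root"
)
demo
```

Running find_misplaced_keychains with no argument checks the current user's own keychains directory.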
