Update readmes

crschnick 2023-08-10 16:40:48 +00:00
parent b7704b8013
commit 6666b5bd65
2 changed files with 29 additions and 56 deletions

View file

@ -6,11 +6,11 @@ XPipe is a new type of shell connection hub and remote file manager that allows
XPipe fully integrates with your tools such as your favourite text/code editors, terminals, shells, command-line tools and more. The platform is designed to be extensible, allowing anyone to add easily support for more tools or to implement custom functionality through a modular extension system. XPipe fully integrates with your tools such as your favourite text/code editors, terminals, shells, command-line tools and more. The platform is designed to be extensible, allowing anyone to add easily support for more tools or to implement custom functionality through a modular extension system.
The full feature set is currently supported for: It currently supports:
- [Kubernetes](https://kubernetes.io/) clusters, pods, and containers - [Kubernetes](https://kubernetes.io/) clusters, pods, and containers
- [Docker](https://www.docker.com/) and [LXD](https://linuxcontainers.org/lxd/introduction/) container instances located on any host - [Docker](https://www.docker.com/), [Podman](https://podman.io/), and [LXD](https://linuxcontainers.org/lxd/introduction/) container instances located on any host
- [SSH](https://www.ssh.com/academy/ssh/protocol) connections - [SSH](https://www.ssh.com/academy/ssh/protocol) connections, config file connections, and tunnels
- [Windows Subsystem for Linux](https://ubuntu.com/wsl) instances - [Windows Subsystem for Linux](https://ubuntu.com/wsl), [Cygwin](https://www.cygwin.com/), and [MSYS2](https://www.msys2.org/) instances
- [Powershell Remote Sessions](https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?view=powershell-7.3) - [Powershell Remote Sessions](https://learn.microsoft.com/en-us/powershell/scripting/learn/remoting/running-remote-commands?view=powershell-7.3)
- Any other custom remote connection methods that work through the command-line - Any other custom remote connection methods that work through the command-line
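Review bot: In the unchanged intro sentence at the top of this hunk, "allowing anyone to add easily support for more tools" reads awkwardly. Since the list below it is being reworded anyway, change it to "allowing anyone to easily add support for more tools". In the list, "Powershell Remote Sessions" should use the product spelling "PowerShell".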
@ -83,6 +83,8 @@ You can also install XPipe by pasting the installation command into your termina
##### Linux / MacOS ##### Linux / MacOS
The script supports installation via `apt`, `rpm`, and `pacman` on Linux, plus a `.pkg` install on macOS:
``` ```
bash <(curl -sL https://raw.githubusercontent.com/xpipe-io/xpipe/master/get-xpipe.sh) bash <(curl -sL https://raw.githubusercontent.com/xpipe-io/xpipe/master/get-xpipe.sh)
``` ```
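Review bot: The added sentence documents which package formats the script handles, but the command it introduces still runs whatever `get-xpipe.sh` is on `master` at that moment, straight from `curl` into `bash`, with no pinned revision or checksum. Consider pointing the URL at a release tag and adding a download, inspect, then run variant for users who want to read the script first. Also, the heading says "MacOS" while the new line says "macOS"; use "macOS" in both places.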
@ -93,13 +95,6 @@ bash <(curl -sL https://raw.githubusercontent.com/xpipe-io/xpipe/master/get-xpip
powershell -ExecutionPolicy Bypass -Command iwr "https://raw.githubusercontent.com/xpipe-io/xpipe/master/get-xpipe.ps1" -OutFile "$env:TEMP\get-xpipe.ps1" ";" "&" "$env:TEMP\get-xpipe.ps1" powershell -ExecutionPolicy Bypass -Command iwr "https://raw.githubusercontent.com/xpipe-io/xpipe/master/get-xpipe.ps1" -OutFile "$env:TEMP\get-xpipe.ps1" ";" "&" "$env:TEMP\get-xpipe.ps1"
``` ```
### Notes for Bitdefender users
Right now, for some reason, only Bitdefender really does not like XPipe doing anything on your system.
It will instantly quarantine the application when it opens a shell *plus the system shells itself*,
so it can prevent you from opening any shell on your own afterward.
For more information, see the [security page](https://github.com/xpipe-io/xpipe/blob/master/SECURITY.md#antivirus-programs).
## Further information ## Further information
For information about the security model of XPipe, see the [security page](/SECURITY.md). For information about the security model of XPipe, see the [security page](/SECURITY.md).
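Review bot: Deleting the "Notes for Bitdefender users" section removes the README's only warning that an antivirus product may quarantine XPipe together with the system shells, and with it the only deep link to `SECURITY.md#antivirus-programs`. If the Bitdefender behaviour no longer occurs, say so in the commit message. Otherwise keep a one-line pointer to the antivirus section under "Further information", where the remaining link goes only to the top of the security page.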

View file

@ -57,71 +57,50 @@ The general approach of XPipe can be summarized as follows:
### Storage of sensitive information ### Storage of sensitive information
All XPipe data is exclusively stored on your local machine at `~/.xpipe/storage`. All XPipe data is exclusively stored on your local machine at `~/.xpipe/storage`. You can choose to change this storage location in the settings menu.
You can choose to change this storage location in the settings menu.
All sensitive information is encrypted when it is saved to disk on your local machine using AES You have the option to either fetch any sensitive information like passwords from outside sources like prompts or password managers. In that case, XPipe doesn't have to store any of that information itself.
with either:
In case you choose to store passwords within XPipe, all sensitive information is encrypted when it is saved to disk on your local machine using AES with either:
- A custom master key that can be set by you in the settings menu - A custom master key that can be set by you in the settings menu
(This option is only as secure as the password you choose) (This option is only as secure as the password you choose)
- A somewhat dynamically generated key (This option can be reverse - A somewhat dynamically generated key (This option can be reverse
engineered though, there is no way of perfectly securing your data without any custom key) engineered though, there is no way of perfectly securing your data without any custom key)
It is also planned that you will be able to
source passwords and more directly from other external sources such as password managers in the future.
### Passing of sensitive information ### Passing of sensitive information
When any kind of login information is required by a command-line program, it has to be passed to it somehow. When any kind of login information is required by a command-line program, it has to be passed to it somehow. If the program runs on your local system, the data does not leave your local system. If login information is required on a remote system, then that data must be transferred to that remote system.
If the program runs on your local system, the data does not leave your local system.
If login information is required on a remote system, then that data must be transferred to that remote system.
In case a program accepts password input via stdin, this process is relatively straightforward. In case a program accepts password input via stdin, this process is relatively straightforward. Then the passed sensitive information is just written into the stdin of the program and does not show up in any history or file system.
Then the passed sensitive information is just written into the stdin of the program and does not show up in any history
or file system.
When a program only accepts password input via an environment variable or an askpass program, When a program only accepts password input via an environment variable or an askpass program, a self deleting password supplier script file is generated by XPipe.
a self deleting password supplier script file is generated by XPipe. This script contains the encrypted password and will supply the password to the target program exactly once when invoked and immediately deletes itself afterward.
This script contains the encrypted password and will supply
the password to the target program exactly once when invoked and immediately deletes itself afterwards.
This behavior ensures that there is no leftover password script after an operation is performed. This behavior ensures that there is no leftover password script after an operation is performed.
As a secondary measure, for cases in which the calling program crashes As a secondary measure, for cases in which the calling program crashes and is not able to execute the script and therefore doesn't delete the password script, the generated script directory is also frequently cleaned.
and is not able to execute the script and therefore doesn't delete the password script, As a result, no sensitive information of yours should show up in any kind of shell history or on any file system.
the generated script directory is also frequently cleaned.
As a result, no sensitive information of yours should show
up in any kind of shell history or on any file system.
### The purpose of shell scripts ### The purpose of shell scripts
Whenever you open a remote connection in a terminal from XPipe, you will notice that your terminal shows Whenever you open a remote connection in a terminal from XPipe, your terminal sometimes shows the name of a script located in your temp directory in the title bar to indicate that you're currently executing it.
the name of a script located in your temp directory in the title bar to indicate that you're currently executing it. The naming scheme of these scripts is usually something like `exec-<id>.(bat|sh|ps1)`.
The naming scheme of these scripts is usually something like `xpipe/exec-<id>.(bat|sh|ps1)` This is intended as these scripts contain all commands that are required to realize the functionality of connecting and initializing the shell environment.
This is intended as these scripts contain all commands that are required These scripts do not contain any sensitive information, you are free to inspect them yourselves in the temp directory.
to realize the functionality of connecting and initializing the shell environment.
These scripts do not contain any sensitive information,
you are free to inspect them yourselves in the temp directory.
In case a script connects to a remote system and passes login information to a program via variables or askpass In case a script connects to a remote system and passes login information to a program via variables or askpass
programs, programs, it automatically becomes useless after being invoked once (See [above](#passing-of-sensitive-information)).
it automatically becomes useless after being invoked once (See [above](#passing-of-sensitive-information)). As the script is run immediately after it is created initially, e.g. when using the `Open in terminal` functionality, it becomes useless pretty much instantly so any attacker doesn't obtain any sensitive information from it.
As the script is run immediately after it is created initially, e.g.
when using the `Open in terminal` functionality, it becomes useless pretty much
instantly so any attacker doesn't obtain any sensitive information from it.
### Logging ### Logging
By default, XPipe creates log files located in `~/.xpipe/logs`. By default, XPipe creates log files located in `~/.xpipe/logs`. These log files do not contain any sensitive information.
Under normal conditions these log files do not contain any sensitive information. If you choose to launch XPipe in debug mode, these logs are printed to the console instead and will contain a lot more and finer grained information, some of which might be sensitive.
If you choose to alter the log level in the settings menu or launch XPipe in debug mode,
these log files will contain a lot more and finer grained information, some of which might be sensitive.
### Issue reports ### Issue reports
Whenever an error occurs within XPipe or you choose to open the error reporter dialog, Whenever an error occurs within XPipe or you choose to open the error reporter dialog, you have the option to automatically send an error report with optional feedback and attachments.
you have the option to automatically send an error report with optional feedback and attachments. This error report does not contain any sensitive information, unless you explicitly choose to attach log files.
This error report does not contain any sensitive information unless
you explicitly choose to attach debug mode log files (See above).
## Isolation of systems ## Isolation of systems
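Review bot: The rewritten Logging and Issue reports paragraphs no longer agree with each other. Logging now states without qualification that the files in `~/.xpipe/logs` "do not contain any sensitive information" and that debug output is printed to the console instead, yet Issue reports says a report is free of sensitive information "unless you explicitly choose to attach log files". Either keep the old "Under normal conditions" qualifier and say what makes the log files sensitive, or drop the exception from the Issue reports paragraph. In the Storage section, the new sentence "You have the option to either fetch any sensitive information ..." has an "either" with no second alternative; remove the word or fold the following "In case you choose to store passwords within XPipe" sentence in as the "or" branch.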
@ -129,8 +108,7 @@ Any infected remote system should be isolated enough such that any infection can
### User isolation ### User isolation
All relevant files like configuration files and other required temporary files All relevant files like configuration files and other required temporary files are only accessible by the current user.
are only accessible by the current user.
Any other user on a system can't read or write them unless they have root/Administrator privileges. Any other user on a system can't read or write them unless they have root/Administrator privileges.
### Isolation of remote systems ### Isolation of remote systems
@ -144,7 +122,7 @@ other information stored by XPipe that is not explicitly sent to that host.
## Antivirus programs ## Antivirus programs
### Windows ### Windows Defender
It may occasionally happen that Windows Defender warns and It may occasionally happen that Windows Defender warns and
even sometimes deletes XPipe due to it identifying the application as malware. even sometimes deletes XPipe due to it identifying the application as malware.
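Review bot: Renaming "### Windows" to "### Windows Defender" changes the heading's generated anchor from `#windows` to `#windows-defender`, so any existing deep link to the old anchor will now land at the top of the page. Search the repository's docs for links to `SECURITY.md#windows` before merging.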
@ -169,7 +147,7 @@ On macOS the application bundle is signed and notarized and will therefore not e
For macOS this process does not require a company to be For macOS this process does not require a company to be
set up and also only costs 125$ per year and is therefore much easier to accomplish. set up and also only costs 125$ per year and is therefore much easier to accomplish.
### Malware detection ### Windows antivirus programs
In some cases, it might occur that your antivirus program flags XPipe as malware. In some cases, it might occur that your antivirus program flags XPipe as malware.
This is due to the fact that XPipe launches shells and executes various commands in them, This is due to the fact that XPipe launches shells and executes various commands in them,
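Review bot: The new heading "### Windows antivirus programs" overlaps with the "### Windows Defender" heading introduced earlier in this commit, since Defender is itself a Windows antivirus program; a title such as "Other antivirus programs" would make the split clear. While touching this area, "125$ per year" in the context line above would read better as "$125 per year".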