Maintaining security while printing from 1PW in Mac

mwcl
mwcl
Community Member
edited November 2014 in Mac

I have been checking the 'caching' situation when printing items from 1PW on the Mac.

I seems that if you Open the print dialog in Preview, a file is written to disk (/private/var/folders//com.agilebits.onepassword-osx/printing./*pdf) which remains on disk after Preview is closed - it looks like they are deleted on reboot, but I doubt if this is done securely.

If you Save as PDF, it looks like the private file is not written to disk (or it may be, but is then deleted immediately).

Technically this is a Mac OS issue with printing but I wondered if your guys at Agile have researched this aspect of security.

We use printing to PDF often and I don't like the idea that client passwords are scattered all over the disk, probably in plain text (well, PDF encoded).

Look forward to a discussion on this topic.

Gary

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @mwcl‌ (Gary)

    I'm trying to replicate this but can't at the moment. Could you help me out please. Can you let us know what version of OS X and 1Password you're running.

    Then can you post a set of explicit steps that results in the pdf in the location you state. If you can use @littlebobbytables‌ in your post I'll get a notification when you post as I'm keen to see this.

  • mwcl
    mwcl
    Community Member

    Sure @littlebobbytables‌

    OSX 10.9.5
    1Password, Version 4.4.1 (441006), Mac App Store

    • Open 1PW main program
    • Search for a record (or use all)
    • CTRL-P (to print)
    • Enter master password
    • In print dialog, Open in Preview

    • From cmd
      sudo find /private/var/folders -name "pdf"
      /private/var/folders/06/80ybd1wn0g73ntl98dwghph40000gn/T/com.agilebits.onepassword-osx/printing.18832/Primary Vault - (null).pdf
      /private/var/folders/06/80ybd1wn0g73ntl98dwghph40000gn/T/com.agilebits.onepassword-osx/printing.18832/Primary Vault - (null).pdf.pset

    • Close Preview

    • From cmd
      sudo find /private/var/folders -name "pdf"
      /private/var/folders/06/80ybd1wn0g73ntl98dwghph40000gn/T/com.agilebits.onepassword-osx/printing.18832/Primary Vault - (null).pdf
      /private/var/folders/06/80ybd1wn0g73ntl98dwghph40000gn/T/com.agilebits.onepassword-osx/printing.18832/Primary Vault - (null).pdf.pset

    • View file from cmd (use your file name)
      open "/private/var/folders/06/80ybd1wn0g73ntl98dwghph40000gn/T/com.agilebits.onepassword-osx/printing.18832.1/Primary Vault - (null).pdf"

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @mwcl‌

    Thank you for that. I've been able to replicate your findings and what I can say is it hasn't changed on Yosemite either.

    What I could also observe is the pdf file is only created once you pass it to Preview, it doesn't exist in the Print Dialog in 1Password and it does't seem to exist if you print directly to an attached printer or if you save the pdf, it's only if you pass it to Preview.

    As this is involving Preview I'm not sure what we will be able to do about it but my role here is to pass this to our developers and let them puzzle it over :wink:

    Until then, you can of course clear out the files yourself and as I say (which you should be able to replicate) printing or saving as a pdf directly from our print dialog doesn't seem to leave this hidden file. If you find otherwise do let me know.

    ref: OPM-2641

  • mwcl
    mwcl
    Community Member

    Hi @littlebobbytables‌,

    Thanks for testing it. I can't be sure that the files are not created, then deleted by the print dialog (after all, some print files can be very big and it's likely Apple would have implemented or planned for swapping to disk). But in any case, the fact that the protected data exists in unencrypted form on a hard disk (which can be low level scanned) goes against the 1PW premise that your data is only ever decrypted when needed. In this case, the decryption is potentially permanent.

    On the one hand, I would not want Agile to remove print functionality as its used by many and is very useful.
    What I'm asking for is a low level investigation by your team to assess the security implications and ideally some up with a solution.
    Perhaps a search on how to recover printed data from Mac hackers forum might be a good starting point :)

    In the short term, we can of course delete the files (which happens at reboot) and scrub the free disk space using Disk Utils (although probably not advisable on an SSD drive but to life time issues with that type of drive).

    Look forward to hearing more in due course. Let me know if I can help in any way.

    Thanks
    MWCL

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Thanks for pointing this out @mwcl‌

    Other than see if there is a way to warn users, I'm not sure what we can do about this. Temporary copies may also end up in the print spooler, and if the printing isn't successful, things can stay there for a long time. (I believe that OS X still uses CUPS for print spooling, but it's been a while since I've looked at the details.)

    Unless we write our own print spooler and talk to printers directly (and this is not something I anticipate doing), then we are stuck with the fact that a number of processes, each of which may create not so "temporary" copies will handle the data. So the question is how best to alert people of this before they opt to print.

This discussion has been closed.