Some programs just suck. Let me get a bit more specific. Some programs suck because they don't care for the user's privacy. This article deals with programs sucking in a command line way. Because they request a password on the command line. Their calls read like this:
Usage: pieceofdirtware --dostuff --user=username --pass=passwordNow, of course that works. And it sure is handy if you want to automate something since it won't need you to enter the password each time it runs. That can be handy -- granted. But it comes with several drawbacks:
- The password will be written to the history file of your shell. That is, anyone who can access it or your account is able to recover your password written in clear text with about zero time.
- The password is written visibly onto the screen/terminal as you enter the command line. While you may be willing to do that on your home computer, you may perhaps not want to do so in a demonstration scenario where you didn't think of this specific program command line during preparation. Or you just have some colleages who ask you how you use the command line.
- On multiuser systems, the password may even be visible to other users by the means of tools such as
top, who allow to see which command is currently executed by which user.
Now, the idea is easy: Wrap a shim around the crapware which allows you to enter specific parameters to stdin -- without echo, if necessary. Then call the binary with the sensitive information in the commandline -- which is invisible (granted, it's still in RAM in clear text). The shim is to be called like this:
Usage: shim binary [arg] [arg] [...]where each occurrence of a
%will be replaced by strings entered (invisibly in case of
%) by the user. Thus, the call to
pieceofdirtwareas shown above would now look like this:
shim pieceofdirtware --dostuff --user=username --pass=%
The code is nothing really great, it's coded down quick and dirty. Main objective: Get the job done. It's BSD-licensed, so essentially, do with it what you want. You can find it at down/shim.c.