A little tool to keep passwords out of the history file.

The problem

Some programs just suck. Let me get a bit more specific. Some programs suck because they don't care for the user's privacy. This article deals with programs sucking in a command line way. Because they request a password on the command line. Their calls read like this:

Usage: pieceofdirtware --dostuff --user=username --pass=password
Now, of course that works. And it sure is handy if you want to automate something since it won't need you to enter the password each time it runs. That can be handy -- granted. But it comes with several drawbacks: Bottom line: It's a bad idea to use a sensitive password by command line. Unfortunately some pieces of software comes as it is and enforces such dumbhead usage.

The solution

Now, the idea is easy: Wrap a shim around the crapware which allows you to enter specific parameters to stdin -- without echo, if necessary. Then call the binary with the sensitive information in the commandline -- which is invisible (granted, it's still in RAM in clear text). The shim is to be called like this:

Usage: shim binary [arg] [arg] [...]
where each occurrence of a + or % will be replaced by strings entered (invisibly in case of %) by the user. Thus, the call to pieceofdirtware as shown above would now look like this:
shim pieceofdirtware --dostuff --user=username --pass=%

The code

The code is nothing really great, it's coded down quick and dirty. Main objective: Get the job done. It's BSD-licensed, so essentially, do with it what you want. You can find it at down/shim.c.

Stichworte:


Impressum