fexpect
Leaving file in /tmp necessary?
Hi,
I noticed that after a remove command is completed, the files "fexpect_
This file appears to contain all the input from the prompted commands. In the cases where fexpect can be used to fill in passwords or other sensitive data, you can see this data in plain text in this file. On a remote server where other users can easily access /tmp, this could be an issue.
Or is fexpect not really for use with things like automatically entering in passwords?
Thanks! Peter
Hi Peter,
Indeed, these files remain on the remote, and would contain any passwords prompted.
I see your point about this being a possible security concern.
I think that removing the files afterwards would only partly make it more secure though, as an evil user on the remote could probably just monitor /tmp or retrieve deleted files in some way. However it would at least be a step in the right direction to remove the file.
I will see when I have the time to work on this.
Thanks for reporting!
Thanks for responding, just letting you know, really useful lib otherwise.
Hi,
I have a potential fix for this issue. Do I submit a pull request?
Thanks Vinay
Yes please :)
Jasper van den Bosch ilogue.com/jasper
Jasper,
I have the changes in my git repo. I have tested it also. Should I push it on a branch?
Or you can pull it from my github repo
https://github.com/vbannai/fexpect/tree/fexpect_issue_25
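The mitigation discussed in this thread (owner-only permissions plus guaranteed removal of the script file) can be sketched as follows. This is an added example, not fexpect's code and not the fix from the linked branch; `private_script`, `find_exposed` and `demo` are hypothetical names, and a local temporary directory stands in for the remote /tmp.

```python
import os
import stat
import tempfile
from contextlib import contextmanager

PREFIX = "fexpect_"  # prefix quoted in the report; the rest of the name is assumed


@contextmanager
def private_script(contents, directory=None):
    """Write contents to an owner-only temp file and delete it on exit."""
    # mkstemp opens with O_EXCL and mode 0600 under an unpredictable name.
    fd, path = tempfile.mkstemp(prefix=PREFIX, dir=directory)
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(contents)
        yield path
    finally:
        # Runs even when the command that uses the script raises.
        if os.path.exists(path):
            os.remove(path)


def find_exposed(directory):
    """Return names of leftover script files that group or others can read."""
    exposed = []
    for name in sorted(os.listdir(directory)):
        info = os.lstat(os.path.join(directory, name))
        readable = info.st_mode & (stat.S_IRGRP | stat.S_IROTH)
        if name.startswith(PREFIX) and stat.S_ISREG(info.st_mode) and readable:
            exposed.append(name)
    return exposed


def demo():
    """Constructed scenario: one leaked script next to one handled privately."""
    with tempfile.TemporaryDirectory() as workdir:
        leaked = os.path.join(workdir, PREFIX + "constructed_leak")
        with open(leaked, "w") as handle:
            handle.write("constructed-secret\n")
        os.chmod(leaked, 0o644)  # world-readable, as on a shared /tmp
        try:
            with private_script("constructed-secret\n", workdir) as path:
                mode = stat.S_IMODE(os.stat(path).st_mode)
                raise RuntimeError("simulated command failure")
        except RuntimeError:
            removed = not os.path.exists(path)
        return mode, removed, find_exposed(workdir)
```

Calling `demo()` returns the mode of the private file while it exists, whether it was removed after the simulated failure, and the leftover files that `find_exposed` flags.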