Add functionality to write to a temp file through url arguments

[vaishalikumanan]

trafficstars

This feature is similar to the existing option that allows url arguments to be passed in as command line arguments. Instead, we create a temporary file in /tmp/ and write the url arguments to this file, separated by newlines. The temporary file name is then passed to the command as a command line argument. Because of this behaviour, the command line args option and the temporary file option should be mutually exclusive.

We can then use this to pass secret values to the running process as command line arguments are easily visible through process status.

[tsl0922]

writing to a temp file without cleanup? I prefer setting it as env

[kahing]

@tsl0922 you are right that with temp file, we are relying on the receiver to delete the file. we considered passing via env var (https://github.com/tsl0922/ttyd/pull/745/) and one side effect is that env vars are easily visible if you run ps e.

While it's true that users with permissions to /proc/<pid>/environ would also have permission to read the temp file, internal security review prefers we reduce the likelihood of accidental information leakage.

Would you prefer if we add both the env and file options? We will only use the file option but maybe others will find the env option helpful too.

[kahing]

@tsl0922 any more thoughts on this?

[tsl0922]

@kahing sorry I'm a little busy this week, I'm OK with this feature, will review it soon.

[kahing]

@tsl0922 I updated the PR and addressed your comments. Let me know if you have more feedback

[kahing]

@tsl0922 Hi any updates?

[kahing]

@tsl0922 Hi any updates?

[kahing]

@tsl0922 hi any updates?

[kahing]

@tsl0922 Hi any updates on this PR?

[vaishalikumanan]

Hi @tsl0922, would you still be interested in this feature?

[kahing]

@tsl0922 hi this patch is a bit outdated, but we are happy to do the work to update it if you want to take this