I have the following expect script which executes 'myexe' and passes some password as argument:
#!/usr/bin/expect
gets stdin pwd
log_user 0
eval spawn "/myexe ${pwd}"
log_user 1
expect eof
catch wait result
exit [lindex $result 3]
My executable 'myexe' is a compiled Linux executable (not a shell script) and the goal is to pass a password securely to it. Unfortunately the executable doesn't read stdin for the password, but instead expects it as a start parameter.
When I execute the following expect script I cannot see my 'myexe' executable with 'ps'. Does somebody know if the 'spawn' performed by the expect is secure enough? Would the password be visible somewhere else (/proc for instance)?
Don't use eval here. It could be disastrous, depending on the contents of the password. This should suffice:
spawn /myexe $pwd
Anyone doing a ps -ef while myexe is running will be able to see the password.
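
The answer's point about ps, and the question's about /proc, can be checked directly. The script below is an added example, not part of the original posts: it starts a stand-in process with a constructed argument and reads that argument back from /proc/<pid>/cmdline. It assumes Linux procfs; `SECRET`, `myexe-standin`, `proc_args` and `arg_is_visible` are names made up for the demonstration.

```shell
#!/bin/sh
# Added example: checks whether a command-line argument of a running
# process can be read back from /proc/<pid>/cmdline and from ps.
# SECRET and the "myexe-standin" name are constructed for this demo.

SECRET='constructed-demo-password'

# Print the argv of a PID as one space-separated line (Linux procfs
# stores it NUL-separated). Prints nothing if the PID does not exist.
proc_args() {
    tr '\000' ' ' 2>/dev/null < "/proc/$1/cmdline"
}

# Start a stand-in for myexe with $1 as its argument, then report
# whether that argument is readable while the process runs.
# Returns 0 if visible, 1 if not.
arg_is_visible() {
    secret=$1
    # The trailing ':' keeps the shell from exec'ing sleep directly, so
    # the argument vector stays in place for the life of the process.
    sh -c 'sleep 2; :' myexe-standin "$secret" &
    pid=$!
    seen=1
    tries=0
    # Poll briefly: right after fork the child still shows its parent's argv.
    while [ "$tries" -lt 20 ]; do
        case "$(proc_args "$pid")" in
            *"$secret"*) seen=0; break ;;
        esac
        tries=$((tries + 1))
        sleep 0.1
    done
    # ps reads the same data; show its view when ps is installed.
    if [ "$seen" -eq 0 ] && command -v ps >/dev/null 2>&1; then
        echo "ps shows: $(ps -o args= -p "$pid" 2>/dev/null)"
    fi
    wait "$pid"
    return "$seen"
}

if arg_is_visible "$SECRET"; then
    echo "argument readable via /proc/<pid>/cmdline"
else
    echo "argument not found"
fi
```

How the process was launched (expect's spawn, a shell, or anything else) does not change this result, because the argument vector belongs to the running process itself.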