Leaving file in /tmp necessary? #10
Comments
|
Hi Peter, Indeed, these files remain on the remote, and would contain any passwords prompted. I see your point about this being a possible security concern. I think that removing the files afterwards would only partly make it more secure though, as an evil user on the remote could probably just monitor /tmp or retrieve deleted files in some way. However it would at least be a step in the right direction to remove the file. I will see when I have the time to work on this. Thanks for reporting! |
|
Thanks for responding, just letting you know, really useful lib otherwise. |
ghost
assigned 
|
Hi, I have a potential fix for this issue. Do I submit a pull request? Thanks |
|
Yes please :) On 25 August 2014 15:35, Vinay Bannai [email protected] wrote:
Jasper van den Bosch I'd love to see your attachment, but please use OpenDocument, not a |
|
Jasper, I have the changes in my git repo. I have tested it also. Or you can pull it from my github repo |
Hi,
I noticed that after a remove command is completed, the files "fexpect_" are not removed from /tmp on the remote machine. Is there any reason why this is not removed after the command is completed?
This file appears to contain the all the input from the prompted commands. In the cases where fexpect can be used to fill in passwords or other sensitive data, you can see this data in plain text in this file. On a remote server where other users can easily access /tmp, this could be an issue.
Or is fexpect not really for use with things like automatically entering in passwords?
Thanks!
Peter
The text was updated successfully, but these errors were encountered: