1

What would be a good solution to ensure information security and integrity in the following scenario:

Figure 1

A Java application needs to do some initial work, then pass credentials (for example, a username and a password) to a shell command which will do some processing (possibly make requests over https, amongst other operations) and then return a private token to the Java application.
Let's assume for this discussion that the functionality of the shell command cannot be replicated in Java without reasonable effort and most of it is closed-source.

What would be a good manner to ensure neither the credentials nor the token can easily be hijacked by a third party?
Assume, that the IO can be customized as necessary in both the Java application and the shell command.

Icons from Saki & Untergunter

Improve this question
4
  • Your point is that you don't feel Runtime.getRuntime().exec("command here") is safe enough? Commented Feb 26, 2014 at 15:46
  • probably by creating custom methods that will run the command line just like exec() does, and then providing whether or not you want certain things to have editability Commented Feb 26, 2014 at 15:48
  • @mdrg Yes, I'm asking whether and what additional steps I can or should take when passing data to/from the command. Commented Feb 26, 2014 at 15:48
  • 2
    One point (general, not only for Java) is that the credentials should not be passed as arguments to the shell process but, e.g., over the input stream. Commented Feb 26, 2014 at 15:50

1 Answer 1

Reset to default
4

The most secure solution here is to use pipes between the processes, i.e. pass the user name and password via stdin to the child process and read the token from it's stdout.

Explanation: You have four options to pass data between processes:

  1. Command line parameters
  2. Files
  3. Pipes
  4. Shared memory

Solution #1 is bad because everyone on the same computer can see the arguments for all processes with a simple ps -ef.

Files are better but you need to be careful with the permissions. If this was just a one-process problem and a Unix file system, you could create file file and delete it without closing. That would give you a file handle which only your process can see. But you can't pass this handle to other processes.

Shared memory is too complex to set up.

Pipes are a kind of shared memory but the OS and all APIs are already setting them up for you. The data passed through the pipes is only visible to the two processes involved and no one else (well, an attacker could install a kernel module but if that's possible, you don't have any security anyway, no matter what you do).

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Yes, you can pass the handle to other processes (via a pipe). But that is shooting gnats with a tank here ;-)
@vonbrand: Hm... I wasn't aware of that. Is that possible from Java as well? Since I can't get the OS's file handle, I would assume this could be complicated...
You are right, I was thinking C (not a Java fan by any stretch of the imagination...)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.