Java to securely execute a shell command

Question

What would be a good solution to ensure information security and integrity in the following scenario:

A Java application needs to do some initial work, then pass credentials (for example, a username and a password) to a shell command which will do some processing (possibly make requests over https, amongst other operations) and then return a private token to the Java application.
Let's assume for this discussion that the functionality of the shell command cannot be replicated in Java without reasonable effort and most of it is closed-source.

What would be a good manner to ensure neither the credentials nor the token can easily be hijacked by a third party?
Assume, that the IO can be customized as necessary in both the Java application and the shell command.

---

^{Icons from Saki & Untergunter}

Answer 1

The most secure solution here is to use pipes between the processes, i.e. pass the user name and password via stdin to the child process and read the token from it's stdout.

Explanation: You have four options to pass data between processes:

1. Command line parameters
2. Files
3. Pipes
4. Shared memory

Solution #1 is bad because everyone on the same computer can see the arguments for all processes with a simple ps -ef.

Files are better but you need to be careful with the permissions. If this was just a one-process problem and a Unix file system, you could create file file and delete it without closing. That would give you a file handle which only your process can see. But you can't pass this handle to other processes.

Shared memory is too complex to set up.

Pipes are a kind of shared memory but the OS and all APIs are already setting them up for you. The data passed through the pipes is only visible to the two processes involved and no one else (well, an attacker could install a kernel module but if that's possible, you don't have any security anyway, no matter what you do).