Secure Passwords in Memory

[Eric Gillespie, Jr.]

On Sat, Sep 30, 2000 at 06:10:22PM -0400,
Alex <the_brain at mit.edu> wrote:
> I don't think you're going to get the string zero'd out of memory
> without writing some C somewhere, but perhaps a better thing to do would
> be to write a setuid wrapper for the program that python is to call, or
> just run the python program as root.  I can't think of any situations
> that those two solutions wouldn't cover, offhand.

Writing a C module wasn't the problem, i just didn't want to do
it. If i'm going to write a C module i'll probably just write the
password prompting stuff in C too.

As for the buffer suggestion in your other message, i couldn't
find any information on it except the buffer() built-in function
which creates some undocumented buffer object. I don't think this
will work anyway because i'll still have to copy this to a string
at some point.

> 
> Anything-to-escape-working-on-finishing-my-degree'ly yrs
> Alex.
> 
> #include "Python.h"
> 
> PyObject *zero_out(PyObject *self, PyObject *args) {
> 
>   char *python_string;
>   int   string_length;
>   int   string_idx;
> 
>   if (!PyArg_ParseTuple(args,"s#", &python_string, &string_length)) {
>     return NULL;
>   }
> 
>   for (string_idx = 0; string_idx < string_length; string_idx++) {
>     python_string[string_idx] = '\0';
>   }
> 
>   Py_INCREF(Py_None);
>   return Py_None;
> }
> 
> 
> static PyMethodDef zero_outMethods[] = {
>   {"zero_out", zero_out, METH_VARARGS},
>   {NULL, NULL}
> };
> 
> void initzero_out() {
> 
>   (void)Py_InitModule("zero_out", zero_outMethods);
>   
> }
> 

-- 
Eric Gillespie, Jr. <*> epg at progenylinux.com
Software Developer
Progeny Linux Systems - http://progenylinux.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 240 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-list/attachments/20000930/73997986/attachment.sig>