Secure Passwords in Memory
Eric Gillespie, Jr.
epg at progenylinux.com
Sat Sep 30 18:37:05 EDT 2000
On Sat, Sep 30, 2000 at 06:10:22PM -0400,
Alex <the_brain at mit.edu> wrote:
> I don't think you're going to get the string zero'd out of memory
> without writing some C somewhere, but perhaps a better thing to do would
> be to write a setuid wrapper for the program that python is to call, or
> just run the python program as root. I can't think of any situations
> that those two solutions wouldn't cover, offhand.
Writing a C module wasn't the problem, I just didn't want to do
it. If I'm going to write a C module I'll probably just write the
password prompting stuff in C too.

As for the buffer suggestion in your other message, I couldn't
find any information on it except the buffer() built-in function
which creates some undocumented buffer object. I don't think this
will work anyway because I'll still have to copy this to a string
at some point.
>
> Anything-to-escape-working-on-finishing-my-degree'ly yrs
> Alex.
>
> #include "Python.h"
>
> PyObject *zero_out(PyObject *self, PyObject *args) {
>
>     char *python_string;
>     int string_length;
>     int string_idx;
>
>     if (!PyArg_ParseTuple(args,"s#", &python_string, &string_length)) {
>         return NULL;
>     }
>
>     for (string_idx = 0; string_idx < string_length; string_idx++) {
>         python_string[string_idx] = '\0';
>     }
>
>     Py_INCREF(Py_None);
>     return Py_None;
> }
>
>
> static PyMethodDef zero_outMethods[] = {
>     {"zero_out", zero_out, METH_VARARGS},
>     {NULL, NULL}
> };
>
> void initzero_out() {
>
>     (void)Py_InitModule("zero_out", zero_outMethods);
>
> }
>
--
Eric Gillespie, Jr. <*> epg at progenylinux.com
Software Developer
Progeny Linux Systems - http://progenylinux.com
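
Added example, not part of the original thread or either poster's code: the copy-to-a-string problem raised above can be avoided in Python 3 (an assumption; the thread predates it) by reading the password straight into a preallocated `bytearray` and overwriting that buffer in place. The names `read_secret`, `wipe`, `with_secret` and `MAX_SECRET` are hypothetical.

```python
import ctypes
import io

MAX_SECRET = 128  # assumed upper bound; the buffer is never resized


def read_secret(fd, buf):
    """Read one line from fd into the preallocated bytearray buf.

    Bytes are read directly into buf one at a time, so no immutable
    bytes/str object holding the secret is created, and nothing past
    the newline is consumed. Returns the secret length (newline excluded).
    """
    raw = io.FileIO(fd, closefd=False)
    n = 0
    with memoryview(buf) as view:
        while True:
            if n == len(buf):
                wipe(buf)  # do not leave a partial secret behind
                raise ValueError("secret longer than buffer")
            if raw.readinto(view[n:n + 1]) == 0:  # EOF
                break
            if buf[n] == 0x0A:  # newline ends the secret
                buf[n] = 0
                break
            n += 1
    return n


def wipe(buf):
    """Zero the bytearray's own storage in place (no new object)."""
    if len(buf):
        arr = (ctypes.c_char * len(buf)).from_buffer(buf)
        ctypes.memset(arr, 0, len(buf))


def with_secret(fd, consumer):
    """Hand consumer a memoryview of the secret, then always wipe it."""
    buf = bytearray(MAX_SECRET)
    try:
        n = read_secret(fd, buf)
        with memoryview(buf)[:n] as secret:
            return consumer(secret)
    finally:
        wipe(buf)
```

The wipe only covers this one buffer: a consumer that calls `bytes(secret)` or `.decode()` creates an immutable copy that cannot be cleared, and copies held by the terminal driver or the kernel are out of reach.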