Secure Passwords in Memory
Alex
the_brain at mit.edu
Sat Sep 30 18:10:22 EDT 2000
> I searched DejaNews and found some similar topics, but nothing which
> really answered my question. I need to get the root password from the
> user to exec a program which requires root privileges. I would like to
> immediately zero out the memory used to store the password.
>
> This is easy in a language such as C, but I don't want to write a
> module just for this. I doubt 'del pw' or

This looked sort of interesting, so I wrote it. I'd be leery about
actually using it in a sensitive application unless someone with more of
a clue about Python's internals looked it over and didn't find any
problems with it. So at least you don't have to write the C module
anymore, although you'll have to test and debug it (though it seems to
work on the cursory tests I've done.) :)

I don't think you're going to get the string zero'd out of memory
without writing some C somewhere, but perhaps a better thing to do would
be to write a setuid wrapper for the program that python is to call, or
just run the python program as root. I can't think of any situations
that those two solutions wouldn't cover, offhand.

Anything-to-escape-working-on-finishing-my-degree'ly yrs
Alex.

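#include "Python.h"

/* zero_out(s): overwrite the bytes of the Python string s with NULs. */
static PyObject *zero_out(PyObject *self, PyObject *args) {
    char *python_string;
    int string_length;
    int string_idx;

    /* "s#" yields a pointer to the string object's own buffer, not a
       copy, so the loop below overwrites the Python string in place. */
    if (!PyArg_ParseTuple(args, "s#", &python_string, &string_length)) {
        return NULL;
    }
    for (string_idx = 0; string_idx < string_length; string_idx++) {
        python_string[string_idx] = '\0';
    }

    /* Return None to the caller. */
    Py_INCREF(Py_None);
    return Py_None;
}

/* Method table: exposes zero_out() to Python. */
static PyMethodDef zero_outMethods[] = {
    {"zero_out", zero_out, METH_VARARGS},
    {NULL, NULL}
};

/* Module initialisation, called on "import zero_out". */
void initzero_out(void) {
    (void)Py_InitModule("zero_out", zero_outMethods);
}
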
--
Speak softly but carry a big carrot.
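
An added example, not part of the original post or Alex's module: on Python 3 the standard ctypes module can wipe a mutable bytearray in place, so the password is never held in an immutable string and can be piped to the privileged program's stdin. SecretBuffer and run_with_secret are hypothetical names; raw is assumed to be an unbuffered binary stream, and copies held by the terminal or the kernel are out of scope.

```python
import ctypes, os, subprocess

class SecretBuffer:
    """Fixed-size mutable buffer for a secret; wiped on context exit."""

    def __init__(self, capacity=256):
        self._buf = bytearray(capacity)      # mutable, unlike str/bytes
        self._len = 0

    def fill_from(self, raw):
        """Read one chunk with raw.readinto(), so no bytes object is made."""
        n = raw.readinto(self._buf) or 0
        if n and self._buf[n - 1] == 0x0A:   # drop the trailing newline
            n -= 1
        self._len = n
        return n

    def view(self):
        """Zero-copy window onto the secret bytes."""
        return memoryview(self._buf)[:self._len]

    def _carray(self):
        # ctypes array that shares the bytearray's storage (no copy).
        return (ctypes.c_char * len(self._buf)).from_buffer(self._buf)

    def address(self):
        """Address of the storage, for inspection only."""
        return ctypes.addressof(self._carray())

    def wipe(self):
        """Overwrite the whole buffer in place with zero bytes."""
        ctypes.memset(self._carray(), 0, len(self._buf))
        self._len = 0

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        self.wipe()                          # runs even if the body raised

def run_with_secret(argv, secret):
    """Write the secret to argv's stdin through a pipe; return its stdout."""
    r, w = os.pipe()
    try:
        proc = subprocess.Popen(argv, stdin=r, stdout=subprocess.PIPE)
        with secret.view() as v:
            os.write(w, v)                   # bytes-like write, no str copy
    finally:
        os.close(r)
        os.close(w)                          # child sees EOF after the secret
    return proc.communicate()[0]
```
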