GC and security

Les Schaffer schaffer at optonline.net
Thu Aug 31 11:33:08 EDT 2006


Fredrik Lundh wrote:
> Fredrik Lundh wrote:
> 
>> a time (if that's possible; if not, you may need to write a custom
>> extension that builds a command string in a C-level buffer, runs the
>> command, and then overwrites the buffer before returning).

myself, i enjoy building C extensions, but would rather skip it for this
app.

> 
> on the other hand, subprocess seems to support the buffer interface, so
> the following slightly convoluted approach could be used instead of such
> an extension:
> 
> >>> import array, subprocess
> >>> cmd = [101, 99, 104, 111, 32, 39, 104, 101, 108, 108, 111, 39]
> >>> cmd = array.array("b", cmd) # build mutable buffer
> >>> subprocess.call([buffer(cmd)], shell=True)
> 'hello'
> >>> for i in range(len(cmd)): cmd[i] = 0 # nuke it

i'll see if we can fit this into our subprocess scheme. if so, this is
good enough for now. think we'll use this for the mysql password too.


> the secret text will be visible in memory during the subprocess call,
> but it won't linger around once the for-loop has finished.

good enough for current rock and roll.


> (don't forget to put a try/finally clause around the critical part)

okey doky.

Les Schaffer
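
A Python 3 adaptation of the pattern discussed in this message, as an added example that is not part of the original post or thread. Python 3 has no `buffer()`, so it assumes the child reads the secret from stdin instead of from the command string; `wiped` and `run_with_secret` are hypothetical names and the secret value is constructed.

```python
import subprocess
import sys
from contextlib import contextmanager


@contextmanager
def wiped(secret_buf):
    """Yield a mutable buffer, then overwrite it in place, even on error."""
    try:
        yield secret_buf
    finally:
        for i in range(len(secret_buf)):
            secret_buf[i] = 0  # same in-place wipe as the quoted for-loop


def run_with_secret(argv, secret_buf):
    """Write secret_buf to the child's stdin, return its stdout, wipe the buffer.

    Assumption: the child accepts the secret on stdin. Intended for short
    secrets; a large write could block while the child is producing output.
    """
    with wiped(secret_buf) as buf:
        # bufsize=0 gives raw pipe objects, so Python does not copy the
        # secret into a buffered writer that would outlive the wipe.
        proc = subprocess.Popen(argv, stdin=subprocess.PIPE,
                                stdout=subprocess.PIPE, bufsize=0)
        try:
            view = memoryview(buf)
            while len(view):  # raw writes may be partial
                view = view[proc.stdin.write(view):]
        finally:
            proc.stdin.close()
        out = proc.stdout.read()
        proc.wait()
        return out


# Constructed stand-in for a real client: reports how many bytes it received.
CHILD = [sys.executable, "-c",
         "import sys; sys.stdout.write(str(len(sys.stdin.buffer.read())))"]

if __name__ == "__main__":
    secret = bytearray(b"constructed-secret")  # constructed sample value
    print(run_with_secret(CHILD, secret), secret)
```

Only the `bytearray` is overwritten; any `str` or `bytes` object the secret was copied from is untouched and stays in memory until it is collected.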



