Secure Passwords in Memory
David M. Cooke
cookedm at physics.mcmaster.ca
Sat Sep 30 22:56:02 EDT 2000
More information about the Python-list mailing list
Sat Sep 30 22:56:02 EDT 2000
- Previous message (by thread): Secure Passwords in Memory
- Next message (by thread): very newbie questions
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At some point, "Eric Gillespie, Jr." <epg at progenylinux.com> wrote: > On Sun, Oct 01, 2000 at 10:56:49AM +1300, > matt <matt at virtualspectator.com> wrote: > > > Are you worried about someone snooping all your memory, or just > > having access to the core dump of a python process? If it is the > > latter, then it's nicer to catch termination signals and quit > > nicely. > > I'm worried about memory. How is someone who isn't root going to snoop all memory? I would be more worried about core files. I believe, in the development of Linux, when /proc/kmem was introduced (it's basically a virtual file of all memory) there was a discussion about someone using it to snoop on passwords, especially the root password. Alan Cox stopped the discussion by pointing out that only root could access /proc/kmem, so what was the problem? Admittedly, you should still zero out passwords :-) If you eventually write a C module, you might want to look at the mlock(2) call, which locks a region in memory, so it isn't swapped. However, only root can use this, limiting it's utility. -- |>|\/|< ---------------------------------------------------------------------------- David M. Cooke cookedm at mcmaster.ca
- Previous message (by thread): Secure Passwords in Memory
- Next message (by thread): very newbie questions
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list