I am reading the other process memory from python script by just opening /proc/pid/mem:
reader = open(f'/proc/{pid}/mem', 'rb')
and then reading from the random places:
reader.seek(address, 0)
memory_content = reader.read(length)
Everything is fine, but the fact, that to open /proc/pid/mem I have to sudo the whole python script. Of course, for the sake of sanity, I don't want to do that. What are my options?
If I understand correctly, I can not sudo chmod /proc/pid/mem to allow everybody to read from that process memory (please, correct me, if I am wrong)
I can not open some single file with root privileges from the non-root python script (once again, please, correct me if I am wrong)
Maybe I can create some kind of hard link to the /proc/pid/mem, which would look like a file that does not require to have root access to read from?
Or maybe the easiest way would be to create a proxy program, that would be run from the actual python script with root privileges, that would read from /proc/pid/mem and with which I would somehow cross-process interact?
You need the proxy.
Your hard link method doesn't work as the permissions remain the same.
Even if you could give everybody read access to proc/mem, what exactly would you gain with that? From security perspective it would be better to make your whole script run as root and hope you've got it right. There is at least a change for that. By opening memory for everybody to read you would allow anybody harvest secrets from memory making it free for all. So definitely not this one.
If you end up doing the proxy, if you want to do it in Python, you of course need sudo to run that but that will work. I have written such helpers in C and made them suid root - but this is a matter of preference.
Related
I'm trying to restrict write and read access to a Python file. Suppose I have the following code:
with open('test.py', 'w+') as file:
file.write('''
open("document.txt", "w+").write("Hello, World!")
open("document.txt", "r+").read()
''')
By executing this code, a new file is created that in the new file there are two lines of code to write and read a another file.
I want the file created by executing this code (test.py) to hit PermissionError while running and not be able to create a new file or read it; Also, this file is only executable and normal commands work in it, but it can not access other files.
If I read you correctly, this is not a python problem, but an environment problem. I understand the question as something like 'how do I prevent python code from executing arbitrary reads or writes?'. There would be a trivial solution (modifying the generated test.py so it throws an error) but presumably that's not what you want.
The easiest way to make python hit a PermissionError... is to make sure it doesn't have permissions. So run your code as a user with extremely limited permissions---specifically no write permissions anywhere---or perhaps no default permissions at all, and use something like facls to grant permission to read specific files explicitly from a more priveleged sentinel process. (This assumes you are running Linux, but there are likely other ways to do this in different OSs).
Alternatively, look into various sandboxing techniques to give you a python interpreter with the relavent modules replaced with modules which throw errors, or an environment where outside modification is impossible.
It would help if you made it clearer why this is important, and why you are writing a python script with another python script (is this just an example of malicious action?).
You could technically change the permission of the file itself on the filesystem your trying to access.
Check the previous thread about changing permissions
os.chmod(path, <permission value>)
Where 000 is to disable anyone other than root to edit on linux.
I have a project in mind, but there is a section that I don't know how to do. I'm using Python version 3.6 and windows 10. For example we have a file name of "example.txt" I want to prevent the name and its content of this file from being changed.
I did research on this topic, but I could not reach any research. Can we prevent the file's name (including its extension) from changing or its contents?To realize this, I think it is necessary to start as an administrator.
Thanks.
It is possible to stop another program from editing a file by locking it in python.
There is a module that does this called filelock. Take a look at the source code to see how it is done.
It is also worth noting that more advanced ransomware will try to stop processes so they can encrypt files, so this might not work in all cases.
The code inside of a python file randomly deleted, is there anyway to restore? It is a file of 3.70 KB but when opened and put into a text document there is nothing.
Open with python to see what it contains
with open('deleted.py', 'rb') as f:
print(repr(f.read()))
Since you are a new user I am assuming you are new to code development etc. Therefore, you should look at some versioning control tools like:
SVN
Github
Gitlab
There are some more, but these are the most common ones. They are used to store your code and to revert you code if you mess up. They are also used to merge codes when different programmers are changing it. For the moment this will not help but will help in the future.
For now you may look at some restore tools but I highly doubt it that you are able to recreate the file. Another possiblity is: when you haven IDE to look at your command history. Maybe you executed the script and you can find the executed script as commands in the command history.
My question is somewhat unique. I am currently working on a project for my computer forensics class. This project is aimed at hiding disk data from investigators. The method by which this is supposed to be achieved is by writing the bytes of a "clean" file over the "bad" file. Once overwritten, the "bad" file is deleted.
This concept sounds simple enough, but what my partner and I have observed is interesting. If we open a file in a python script, we can easily overwrite the memory associated with that file on disk (verified using dd). We can also easily delete a file using from inside the script. However, a write then delete results in no write actually taking place, only the file's removal.
This makes sense from an OS optimization standpoint. From that point, we thought it might work if we split the writing and deleting into two separate scripts, and controlled both by a third. However, it seems that even if we run the scripts as a subprocess of another script, the same thing happens. We've tried to use bash scripts for the deletion process instead of pure python, and still, nothing sticks.
This project was supposed to be a whole mess of little anti-forensics tools like this, but this particular one has captured our whole attention because of this issue. Does anyone have an idea as to why this is happening and what we can do to move forward?
We know this can be achieved in C, etc, but we want to solve this using python because of the interesting constraints it's presented.
---EDIT---
This is a snippet from our controller, it calls "ghost.py" with the associated params.
ghost.py prints the edited file names/paths to stdout.
Relevant code follows:
proc = subprocess.Popen(['python', 'ghost.py', '-c', 'good.txt', '-d','/mnt/evil.txt'], stdout=subprocess.PIPE,)
files = proc.communicate()
for i in files:
if i != None and i != "\n":
os.system("./del.sh " + i)
Using a subprocess doesn't change any interesting aspect of your design, so don't use them. You probably need os.fsync(). Try this pattern:
myfile.write('all of my good data')
myfile.flush()
os.fsync(myfile.fileno())
myfile.close()
os.remove(myfile)
Reference: https://docs.python.org/2/library/os.html#os.fsync
Where we work we need to remember about 10 long passwords which need to change every so often. I would like to create a utility which can potentially save these passwords in an encrypted file so that we can keep track of them.
I can think of some sort of dictionary passwd = {'host1':'pass1', 'host2':'pass2'}, etc, but I don't know what to do about encryption (absolutely zero experience in the topic).
So, my question is really two questions:
Is there a Linux-based utility which lets you do that?
If you were to program it in Python, how would you go about it?
A perk of approach two, would be for the software to update the ssh public keys after the password has been changed (you know the pain of updating ~15 tokens once you change your password).
As it can be expected, I have zero control over the actual network configuration and the management of scp keys. I can only hope to provide a simple utility to me an my very few coworkers so that, if we need to, we can retrieve a password on demand.
Cheers.
Answers to your questions:
Yes. Take a look at KeePass.
I wouldn't program a utility like this in Python, because there are available open source tools already. Furthermore, I would have concerns about protecting the unencrypted passwords as they were processed by a Python program.
Hope that helps.
You might want to checkout ecryptfs. It should be available for any Linux OS.
On Ubuntu, setting it up is as easy as
sudo apt-get install ecryptfs-utils
ecryptfs-setup-private
This creates a directory for encrypted files, typically called ~/.Private.
To use it:
mount -t ecryptfs ~/.Private ~/Private
This mounts the encrypted files from ~/.Private at the mount point ~/Private.
You can read/write the plain text files in ~/Private.
umount ~/Private
updates the encrypted files in ~/.Private and removes ~/Private.
See these links
home page
linux journal
tutorial
another tutorial
for more information.
On first i think you can change passwords on md5 of this passwords..
it will give more safety.
You could use TrueCrypt or AxCrypt -- both are Open Source solutions. I'll echo Mox's concerns about the unencrypted PWs.
Of course you could also follow Bruce Schneier's advice about password protection...