I'm storing some user raw_input as a variable in Python 2.7. The issue is that this is sensitive, as it is the encryption passphrase for a cryptocurrency wallet.
Therefore I want to ensure that once the Python script is completed, there is no trace of the passphrase left anywhere on the system.
Where passphrase is the variable, is this at the end of the program:
del passphrase
good to utterly remove all traces?
No. del xxx or implicit deletion (leaving the current scope) may not be enough to hide the previously stored value. Note that this may crucially depend on your OS and your Python implementation.
However, I would advise not to roll your own security systems unless you really, really know what you're doing, but rather search for an already existing solution for whatever it is you want to do and use that. For example, I'm not sure if either raw_input or input are suitable for cryptographical needs.
You may get additional help in Information Security StackExchange.
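To illustrate the answer's point that del alone is not enough, here is an added example (not from the original posts): del only unbinds a name, while a mutable bytearray can at least be overwritten in place. The sample passphrase, salt and function names are constructed for the demonstration.

```python
import hashlib
from contextlib import contextmanager

SAMPLE = b"constructed-passphrase"  # constructed sample value, not a real secret


def survives_del():
    """del unbinds one name; the bytes stay reachable through any other reference."""
    passphrase = bytearray(SAMPLE)
    alias = memoryview(passphrase)   # stands in for any lingering reference
    del passphrase
    return bytes(alias)              # still the full passphrase


@contextmanager
def wiped(buf):
    """Yield a mutable buffer and overwrite it in place on exit, even on error."""
    try:
        yield buf
    finally:
        for i in range(len(buf)):    # item assignment never reallocates the buffer
            buf[i] = 0


def derive_key(salt=b"constructed-salt"):
    """Use the passphrase from a bytearray, then report what an alias sees afterwards."""
    passphrase = bytearray(SAMPLE)
    alias = memoryview(passphrase)
    with wiped(passphrase):
        # pbkdf2_hmac accepts bytes-like input, so this code never converts the
        # passphrase to an immutable str/bytes object that could not be overwritten
        key = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 1000)
    return key, bytes(alias)
```

The str returned by raw_input or getpass is immutable and cannot be overwritten this way, and the wipe does nothing about copies the interpreter, the terminal or swap may already hold.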
I'm getting an OS_Access_Violation in several places in source code across different python projects. It shows up in areas like this:
if __name__ == '__main__':
    main(sys.argv[1:])
often coupled with something like:
os.makedirs(args.output_dir, exist_ok=True)
as well as
elif args.backend == "beefygoodness":
    os.environ["MMMMM_TACOS"] = "beefygoodness"
and
'args = parser.parse_args()'
There's no description associated with this finding, so I'm unsure what it means and what the proper remediation is. I'm also not sure if it's referring to an access violation in the developer sense (aka, program crash) or if it's a reference to data that shouldn't be accessible, or what exactly.
Google is no help on this either, unfortunately.
So does anyone know what this cryptic high-priority finding is referring to, and what the proper fix is? Thanks!
I haven't tested the query yet, but the result makes sense.
You use the input that came from the user, so you have no certainty about its integrity, and it can be hostile.
For example:
args[1:]: You expect 4 arguments, but the user can give you more, and unexpectedly affect the system.
Now, If I understand your question correctly, you said the vulnerable flow starts in main call and ends in one of os calls.
At this point you should understand that the unprotected input from the user is used as an argument of os methods.
What if the user set /root/pwd as directory input?
Or what if the user set malicious text to the environment variable?
I think a better solution is to save the arguments/env-variables as files [and credentials fetching from secret store vault] and consume those in runtime.
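One way to constrain the two flows the answer points at (a user-supplied directory reaching os.makedirs and a user-supplied value reaching os.environ), as an added example that is not from the original posts. BASE_DIR, the "plain" backend and the --output-dir/--backend option names are assumptions.

```python
import argparse
import os
import sys

# Assumptions for this sketch: the base directory and the "plain" backend are hypothetical.
BASE_DIR = "/srv/app/output"
ALLOWED_BACKENDS = ("beefygoodness", "plain")


def safe_output_dir(user_value, base=BASE_DIR):
    """Resolve user_value under base and reject anything that lands outside it."""
    base = os.path.realpath(base)
    # join() discards base when user_value is absolute, so /root/pwd is caught below
    candidate = os.path.realpath(os.path.join(base, user_value))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("output_dir must stay inside %s" % base)
    return candidate


def parse(argv):
    parser = argparse.ArgumentParser()
    parser.add_argument("--output-dir", dest="output_dir", required=True)
    # choices= makes argparse reject any backend that is not on the allow-list
    parser.add_argument("--backend", choices=ALLOWED_BACKENDS, default="plain")
    args = parser.parse_args(argv)
    args.output_dir = safe_output_dir(args.output_dir)
    return args


def main(argv):
    args = parse(argv)
    os.makedirs(args.output_dir, exist_ok=True)
    if args.backend == "beefygoodness":
        # The value written is a constant chosen by the program, not the raw argument
        os.environ["MMMMM_TACOS"] = "beefygoodness"
    return args


if __name__ == "__main__":
    main(sys.argv[1:])
```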
First of all, sorry for my bad English.
I'm working on a project and I need to generate a code (ID) that I can verify later.
As my project is very extensive I will give you an example and later what I need to solve.
Example: I have a code that gets the temperature of a place once a day, and the data is stored in a local database (I save the temperature, the date, and the unique ID).
The code is encrypted (No one can see the source code of the program).
Now my problem.
I need to be sure that the data stored in my database has not been modified.
What I think can solve this is: For example, the date is 08-19-2017 and the temperature is 25°C. I can do some math operations (for example, multiply all) and get an ID, and later on I can verify if the code matches the date and temperature.
Do you think this is a good solution or is there a better one?
Thanks all.
I'm using Python and Linux.
The code is encrypted (No one can see the source code of the program).
That's a fallacy. Unless you're using a secure processor that can actually decrypt things into memory that can't be read by the operating system, your program is never truly encrypted. Sure, the original python might be hidden, but from the assembly, a somewhat skilled person can easily gather what is happening.
So, since this is kind of a data security question: Security by obscurity doesn't work on general-purpose hardware. Especially not with relatively high-level things like Python.
Now my problem. I need to be sure that the data stored in my database has not been modified.
That is a hard problem, indeed. The problem is that: if someone's able to fully reconstruct the state of your program, they can also reconstruct what your encryption would have done if the data was different.
There's a few ways around that. But in the end, they all break down to a single principle:
You need some hardware device that can encrypt your data as it comes and proves it hasn't been tampered with, e.g. by keeping a counter of how many things have been encrypted. So, if you have e.g 100 things in the database that have been encrypted by your secure, uncloneable crypto hardware, and it shows it has only been used 100 times, you're fine. The same would apply if that hardware would, for example, always do "encrypt(input bytes + timestamp)".
You can't do that in software on a general purpose OS — software can always be made to run with modified data, and if it's just that you patch the physical memory accessed just in time.
So, you'll need specific hardware. Feels like a crypto smart card would be able to do something like that, but I don't know whether that includes the functionality to keep a counter or include the timestamp.
One solution that might work is basically using a stream cipher to ensure the integrity of the whole data "stream". Here, part of the secret is the state in which the encryption algorithm is in. Imagine this: You have a smart card with a secret key from a keypair generated on the card itself on it. You hold the other key in your cellar.
1. You, before shipping the device, encrypt something secret. That puts the smartcard in a state that the malicious tamperer can't guess.
2. You encrypt the first value, save the output. That changes the internal state!
3. You encrypt and save the output of a known word or sequence.
4. Repeat 2. + 3. for all the other values to be stored.
5. At the end, you decrypt the data in the database using the key you kept in your cellar. Since the internal state necessarily changed with the input data (i.e. encrypting the same data twice doesn't give the same result!!), the data isn't correctly decryptable if something is missing from the records. You can immediately check by the output generated by the known word.
takeaway
What you're trying to do is hard – that namely being:
running software on hardware that you have no control over and having to ensure the authenticity of the data it produced.
Now, the impossible part is actually making sure that data hasn't been tampered with before it enters your software – who says that, for example, the driver for your temperature sensor hasn't been replaced by something that always says "-18 °C"? To avoid the capability of people to tamper with your software, you'll need hardware that enforces the non-tampering. And that's not something you can do on PC-style hardware, unless you disable all debugging possibilities and ensure you have safe booting capability.
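A software sketch of the chaining idea in the answer above, as an added example that is not from the original posts: it swaps the smart card's stateful encryption for an HMAC-SHA256 chain, so each stored tag depends on every earlier row, and uses a row count kept elsewhere in place of the hardware counter. It only holds if KEY is out of reach of whoever can edit the database, which is exactly what the answer says needs hardware; the key, readings and function names are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample data; KEY is assumed to live where the database's editor cannot read it.
KEY = b"constructed-demo-key"
READINGS = [("08-19-2017", 25), ("08-20-2017", 27), ("08-21-2017", 24)]
GENESIS = b"\x00" * 32


def tag_record(key, prev_tag, index, date, temperature):
    """MAC over the previous tag plus this row, so each tag depends on all earlier rows."""
    body = json.dumps([index, date, temperature]).encode("utf-8")
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()


def seal(key, readings):
    """Return rows of (date, temperature, tag) as they would be stored."""
    rows, prev = [], GENESIS
    for index, (date, temperature) in enumerate(readings):
        prev = tag_record(key, prev, index, date, temperature)
        rows.append((date, temperature, prev))
    return rows


def first_bad_row(key, rows, trusted_count):
    """Return the index of the first row that fails to verify, or None if all is well.

    trusted_count is the counter kept outside the database; it catches rows cut off the end.
    """
    prev = GENESIS
    for index, (date, temperature, tag) in enumerate(rows):
        expected = tag_record(key, prev, index, date, temperature)
        if not hmac.compare_digest(expected, tag):
            return index
        prev = tag
    return None if len(rows) == trusted_count else len(rows)
```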
Working from the command line I wrote a function called go(). When called it receives input asking the user for a directory address in the format drive:\directory. No need for extra slashes or quotes or r literal qualifiers or what have you. Once you've provided a directory, it lists all the non-hidden files and directories under it.
I want to update the function now with a statement that stores this location in a variable, so that I can start browsing my hierarchy without specifying the full address every time.
Unfortunately I don't remember what statements I put in the function in the first place to make it work as it does. I know it's simple and I could just look it up and rebuild it from scratch with not too much effort, but that isn't the point.
As someone who is trying to learn the language, I try to stay at the command line as much as possible, only visiting the browser when I need to learn something NEW. Having to refer to obscure findings attached to vaguely related questions to rediscover how to do things I've already done is very cumbersome.
So my question is, can I see the contents of functions I have written, and how?
Unfortunately no. Python does not have this level of introspection. Best you can do is see the compiled byte code.
The inspect module details what information is available at runtime: https://docs.python.org/3.5/library/inspect.html
I am writing a command line interface in python that accepts a lot of user input. For the values that I am querying the user about, there is a significant amount of "additional information" that I could display, but would rather only display if the user needed help with how to provide a value.
So I thought I would provide my usual raw_input prompt, but also try and accept some Ctrl-H type sequences to output this help info.
Can Python accept this kind of input via raw_input in a terminal/shell? Is there another more proper way to do this (preferably in the stdlib)?
No, Python cannot accept this kind of input through raw_input. This is because you're thinking about sequences like: Ctrl-C, Ctrl-Z, etc. These are not keyboard inputs, these are signals that are processed by the terminal (not the program).
You can try to set up signal handlers that will do this for you, but that is not a very reliable solution (regardless of whether you're using python or something else).
The best solution for accepting this kind of input is to either use curses, or use readline (with adjustments to the configuration to handle things like Ctrl-H). Using readline will make your life much easier, but it comes with the cost that you have to license your program under the GNU GPL (or similar). Whereas curses does not have this kind of restriction.
I understand that this question has, in essence, already been asked, but that question did not have an unequivocal answer, so please bear with me.
Background: In my company, we use Perforce submission numbers as part of our versioning. Regardless of whether this is a correct method or not, that is how things are. Currently, many developers do separate submissions for code and documentation: first the code and then the documentation to update the client-facing docs with what the new version numbers should be. I would like to streamline this process.
My thoughts are as follows: create a Perforce trigger (which runs on the server side) which scans the submitted documentation files (such as .txt) for a unique term (such as #####PERFORCE##CHANGELIST##NUMBER###ROFL###LOL###WHATEVER#####) and then replaces it with the value of what the change list would be when submitted. I already know how to determine this value. What I cannot figure out, is how or where to update the files.
I have already determined that using the change-content trigger (whether possible or not), which
"fire[s] after changelist creation and file transfer, but prior to committing the submit to the database",
is the way to go. At this point the files need to exist somewhere on the server. How do I determine the (temporary?) location of these files from within, say, a Python script so that I can update or sed to replace the placeholder value with the intended value? The online documentation for Perforce which I have found so far has not been very explicit on whether this is possible or how the mechanics of a submission at this stage would work.
EDIT
Basically what I am looking for is RCS-like functionality, but without the unsightly special character sequences which accompany it. After more digging, what I am asking is the same as this question. However I believe that this must be possible, because the trigger is running on the server side and the files had already been transferred to the server. They must therefore be accessible by the script.
EXAMPLE
Consider the following snippet from a release notes document:
[#####PERFORCE##CHANGELIST##NUMBER###ROFL###LOL###WHATEVER#####] Added a cool new feature. Early retirement is in sight.
[52702] Fixed a really annoying bug. Many lives saved.
[52686] Fixed an annoying bug.
This is what the user submits. I then want the trigger to intercept this file during the submission process (as mentioned, at the change-content stage) and alter it so that what is eventually stored within Perforce looks like this:
[52738] Added a cool new feature. Early retirement is in sight.
[52702] Fixed a really annoying bug. Many lives saved.
[52686] Fixed an annoying bug.
Where 52738 is the final change list number of what the user submitted. (As mentioned, I can already determine this number, so please do dwell on this point.) I.e., what the user sees on the Perforce client console is:
Changelist 52733 renamed 52738.
Submitted change 52738.
Are you trying to replace the content of pending changelist files that were edited on a different client workspace (and different user)?
What type of information are you trying to replace in the documentation files? For example,
is it a date, username like with RCS keyword expansion? http://www.perforce.com/perforce/doc.current/manuals/p4guide/appendix.filetypes.html#DB5-18921
I want to get better clarification on what you are trying to accomplish in case there is another way to do what you want.
Depending on what you are trying to do, you may want to consider shelving ( http://www.perforce.com/perforce/doc.current/manuals/p4guide/chapter.files.html#d0e5537 )
Also, there is an existing Perforce enhancement request I can add your information to,
regarding client side triggers to modify files on the client side prior to submit. If it becomes implemented, you will be notified by email.
99w,
I have also added you to an existing enhancement request for Customizable RCS keywords, along
with the example you provided.
Short of using a post-command trigger to edit the archive content directly and then update the checksum in the database, there is currently not a way to update the file content with the custom-edited final changelist number.
One of the things I learned very early on in programming was to keep out of interrupt level as much as possible, and especially don't do stuff in interrupt that requires resources that can hang the system. I totally get that you want to resolve the internal labeling in sequence, but a better way to do it may be to just set up the edit during the trigger so that a post trigger tool can perform the file modification.
Correct me if I'm looking at this wrong, but there seems a bit of irony, or perhaps recursion, if you are trying to make a file change during the course of submitting a file change. It might be better to have a second change list that is reserved for the log. You always know where that file is, in your local file space. That said, ktext files and $ fields may be able to help.