[ACCEPTED]-Mark data as sensitive in python-coredump

Accepted answer
Score: 35


I have made a solution that uses ctypes 14 (which in turn uses C) to zero memory.

import sys
import ctypes

def zerome(string):
    location = id(string) + 20
    size     = sys.getsizeof(string) - 20

    memset =  ctypes.cdll.msvcrt.memset
    # For Linux, use the following. Change the 6 to whatever it is on your computer.
    # memset =  ctypes.CDLL("libc.so.6").memset

    print "Clearing 0x%08x size %i bytes" % (location, size)

    memset(location, 0, size)

I 13 make no guarantees of the safety of this 12 code. It is tested to work on x86 and CPython 11 2.6.2. A longer writeup is here.

Decrypting and 10 encrypting in Python will not work. Strings 9 and Integers are interned and persistent, which 8 means you are leaving a mess of password 7 information all over the place.

Hashing is 6 the standard answer, though of course the 5 plaintext eventually needs to be processed 4 somewhere.

The correct solution is to do 3 the sensitive processes as a C module.

But 2 if your memory is constantly being compromised, I 1 would rethink your security setup.

Score: 5

... The only solution to this is to use mutable data structures. That is, you must only use data structures 6 that allow you to dynamically replace 5 elements. For example, in Python you can 4 use lists to store an array of characters. However, every time you add or remove an element from a list, the language might copy the entire list behind your back, depending 3 on the implementation details. To be safe, if 2 you have to dynamically resize a data 1 structure, you should create a new one, copy data, and then write over the old one. For example:

def paranoid_add_character_to_list(ch, l):
  """Copy l, adding a new character, ch.  Erase l.  Return the result."""
  new_list = []
  for i in range(len(l)):
  for i in range(len(l)):
    new_list[i] = l[i]
    l[i] = 0
  return new_list

Source: http://www.ibm.com/developerworks/library/s-data.html

  • Author: John Viega (viega@list.org) is co-author of Building Secure Software (Addison-Wesley, 2001) and Java Enterprise Architecture (O'Reilly and Associates, 2001). John has authored more than 50 technical publications, primarily in the area of software security. He also wrote Mailman, the GNU Mailing List Manager and ITS4, a tool for finding security vulnerabilities in C and C++ code.
Score: 2

No way to "mark as sensitive", but you could 3 encrypt the data in memory and decrypt it 2 again when you need to use it -- not a perfect 1 solution but the best I can think of.

Score: 2
  • XOR with a one-time pad stored separately
  • always store salted hash rather than password itself

or, if you're very paranoid about dumps, store 3 unique random key in some other place, e.g. i 2 a different thread, in a registry, on your 1 server, etc.

Score: 1

based on culix's answer: the following works 2 with Linux 64-bit architecture.
Tested on 1 Debian based systems.

import sys 
import ctypes

def nuke(var_to_nuke):
    strlen = len(var_to_nuke)
    offset = sys.getsizeof(var_to_nuke) - strlen - 1
    ctypes.memset(id(var_to_nuke) + offset, 0, strlen)
    del var_to_nuke               # derefrencing the pointer.

More Related questions