<div dir="auto"><div><br><br><div class="gmail_quote"><div dir="ltr">El vie., 22 de jun. de 2018 22:33, Terry Reedy <<a href="mailto:tjreedy@udel.edu">tjreedy@udel.edu</a>> escribió:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 6/22/2018 8:31 PM, Ezequiel Brizuela [aka EHB or qlixed] wrote:<br>
> As all the string in python are immutable, is impossible to overwrite <br>
> the value<br>
<br>
Not if one uses ctypes. Is that what you did?<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto">No. I was using exclusivelly python strings functions from the C api.</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
> Well I already do it:<br>
> <br>
> <a href="https://github.com/qlixed/python-memwiper/" rel="noreferrer noreferrer" target="_blank">https://github.com/qlixed/python-memwiper/</a> <br>
<br>
> But i hit a lot of problems in the road, I was working on me free time <br>
> over the last year on this and make it "almost" work, but that is not <br>
> relevant to the proposal.<br>
<br>
I think it is. A very small fraction of Python users need such wiping.<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">And I doubt that it can be complete. For instance, I suspect that a <br>
password entered into getpass, for instance, first exists in OS form <br>
before being copied into a Python string objects. Wiping the Python <br>
string would not wipe the original copy.</blockquote></div></div><div dir="auto"><br></div><div dir="auto">Agree. It migth be more places to search.</div><div dir="auto"><br></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> So this really should be <br>
attacked at the OS level, not the language level. </blockquote></div></div><div dir="auto"><br></div><div dir="auto">This need to be tackled from all the sides. Ensuring the minimal attack surface possible for anyone.</div><div dir="auto"><br></div><div dir="auto"><br></div></div>