Author: gregory.p.smith Date: Sat Oct 31 22:26:08 2009 New Revision: 76000 Log: Fixes issue7208 - getpass would still allow the password to be echoed on Solaris due to not flushing the input buffer. This change also incorporates some additional getpass implementation suggestions for security based on an analysis of getpass.c linked to from the issue. Modified: python/trunk/Lib/getpass.py Modified: python/trunk/Lib/getpass.py ============================================================================== --- python/trunk/Lib/getpass.py (original) +++ python/trunk/Lib/getpass.py Sat Oct 31 22:26:08 2009 @@ -62,12 +62,16 @@ try: old = termios.tcgetattr(fd) # a copy to save new = old[:] - new[3] &= ~termios.ECHO # 3 == 'lflags' + new[3] &= ~(termios.ECHO|termios.ISIG) # 3 == 'lflags' + tcsetattr_flags = termios.TCSAFLUSH + if hasattr(termios, 'TCSASOFT'): + tcsetattr_flags |= termios.TCSASOFT try: - termios.tcsetattr(fd, termios.TCSADRAIN, new) + termios.tcsetattr(fd, tcsetattr_flags, new) passwd = _raw_input(prompt, stream, input=input) finally: - termios.tcsetattr(fd, termios.TCSADRAIN, old) + termios.tcsetattr(fd, tcsetattr_flags, old) + stream.flush() # issue7208 except termios.error, e: if passwd is not None: # _raw_input succeeded. The final tcsetattr failed. Reraise @@ -125,6 +129,7 @@ if prompt: stream.write(prompt) stream.flush() + # NOTE: The Python C API calls flockfile() (and unlock) during readline. line = input.readline() if not line: raise EOFError