cx_freeze and temporary files - security related question

Richard Damon Richard at
Sun Jul 6 15:21:45 CEST 2014

On 5/21/14, 12:42 PM, Nagy László Zsolt wrote:
> I need to create an application for Windows 7 that runs from a flash
> drive. This program would be used to create remote backups of the
> pendrive. The pendrive contains sensitive data, so when I plug in the
> pendrive and run the program to make a backup, it should not leave any
> trace of operation on the windows system. The information is so
> sensitive that I was forbidden to use cloud storage. I was also
> forbidden to make backups to a local drive, or leave any trace on the
> host windows system.
> The question is this: if I create this program with Python 3.4 and
> cx_Freeze, then what should I expect. When the user starts the
> cx_freeze-d program from the flash drive, will it create temporary files
> on the system drive? Will it leave log files or store any permanent or
> temporary data on the system drive (maybe in the user's tmp folder) that
> can later be used to tell what drive was mounted, with what parameters
> the program was started etc.
> Thanks

I am not sure about what temp files python might leave around, but if 
you are being ultimately paranoid about this, one risk that will be 
present is the possibility of leaving traces of data in the swap file. 
If the program doesn't specifically prohibit it, anything that is 
brought into memory (and the act of reading the pendrive will do this) 
might end up in the swap file.

I can't imagine python having a run time option to force it to disable 
the swap file.

If the data is as sensitive as they seem to want to treat it, perhaps 
you should follow the procedures of classified computing, which says 
that any storage medium "exposed" to classified computing becomes 
classified. This would say that you would use a dedicated machine to do 
these backups, and after doing them, you remove the hard disk from the 
machine and lock it up, only to be taken out for later backups. This 
level of paranoia says you don't need to be as concerned about figuring 
out what traces might be left, you assume they are and lock them up.

More information about the Python-list mailing list