1

Specifically, I'm asking about the safety of Python's print function. I have a python script that generates passwords and before exiting, prints the password to the terminal's output using print(). I have some questions about the safety of this:

Can an unprivileged process (process running in user space) access the output by:

  1. reading the terminal screen's content or GUI? From my limited research (1, 2) this seems to be possible in systems utilizing X windows system, but not Wayland.

  2. reading into the file descriptor or through some similar method? I tried cat /dev/pts/14 and tail -f /proc/<pid>/fd/1, but neither of them worked from my experiments, and I'm not sure why.

  3. reading into terminal output logs or some output history stored somewhere (when I have not deliberately installed/activated any such thing)?

  4. reading the memory location of the released process? I.e. when my python script finishes running, does it leave the password's value in the block of memory where it was stored when the process was running?

  5. by reading into Python specific logs of what it prints?

  6. through some other method?

Improve this question
3
  • Lokking over your sholder, use xclip. Commented Jun 8, 2020 at 4:17
  • @user1133275 copying passwords to clipboard is not secure. Commented Jun 8, 2020 at 4:30
  • Redesign your process. Modern Unix/Linux systems support "Allow login but force password change first". That way, THEY know their password, but you don't. Commented Jun 9, 2020 at 18:28

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.