Oleg Zabluda's blog: My first contribution to the python community from 2003. I reported bugs and potential security holes in getpass.py

Everything about computers and stuff

Archives
May 19, 2001 November 12, 2003 March 10, 2004 October 18, 2004 December 25, 2004 January 06, 2005 January 31, 2005 February 02, 2005 February 06, 2005 February 15, 2005 February 16, 2005 February 21, 2005 February 23, 2005 February 24, 2005 February 25, 2005 February 28, 2005 March 01, 2005 March 03, 2005 March 06, 2005 March 10, 2005 March 13, 2005 March 18, 2005 March 29, 2005 April 05, 2005 May 09, 2005 May 19, 2005 June 20, 2005 June 28, 2005 July 20, 2005 August 01, 2005 August 22, 2005 August 24, 2005 September 19, 2005 September 28, 2005 October 18, 2005 October 19, 2005 April 28, 2006 May 08, 2006 July 03, 2007 December 15, 2009 January 12, 2010 January 29, 2011 February 22, 2011 May 13, 2011 May 28, 2011 July 12, 2011 July 15, 2011 July 21, 2011 July 22, 2011 July 23, 2011 July 28, 2011 July 29, 2011 August 02, 2011 August 03, 2011 August 05, 2011 August 08, 2011 August 09, 2011 August 11, 2011 August 15, 2011 August 16, 2011 August 17, 2011 August 20, 2011 August 21, 2011 August 23, 2011 August 24, 2011 August 25, 2011 August 26, 2011 August 29, 2011 September 07, 2011 September 09, 2011 September 16, 2011 September 17, 2011 September 19, 2011 September 22, 2011 September 27, 2011 September 30, 2011 October 01, 2011 October 04, 2011 October 05, 2011 October 06, 2011 October 08, 2011 October 11, 2011 October 13, 2011 October 14, 2011 October 18, 2011 October 20, 2011 October 21, 2011 October 24, 2011 October 26, 2011 October 27, 2011 October 28, 2011 October 31, 2011 November 01, 2011 November 02, 2011 November 03, 2011 November 04, 2011 November 06, 2011 November 07, 2011 November 08, 2011 November 09, 2011 November 10, 2011 November 11, 2011 November 13, 2011 November 14, 2011 November 15, 2011 November 17, 2011 November 18, 2011 November 20, 2011 November 21, 2011 November 23, 2011 November 25, 2011 November 26, 2011 December 01, 2011 December 02, 2011 December 03, 2011 December 04, 2011 December 05, 2011 December 08, 2011 December 09, 2011 December 10, 2011 December 11, 2011 December 12, 2011 December 13, 2011 December 16, 2011 December 17, 2011 December 18, 2011 December 20, 2011 December 22, 2011 December 23, 2011 December 24, 2011 December 25, 2011 December 26, 2011 December 27, 2011 December 29, 2011 December 30, 2011 December 31, 2011 January 05, 2012 January 08, 2012 January 11, 2012 January 13, 2012 January 14, 2012 January 16, 2012 January 19, 2012 January 21, 2012 January 22, 2012 January 24, 2012 January 27, 2012 January 29, 2012 January 30, 2012 February 01, 2012 February 06, 2012 February 07, 2012 February 08, 2012 February 11, 2012 February 12, 2012 February 14, 2012 February 15, 2012 February 17, 2012 February 18, 2012 February 19, 2012 February 20, 2012 February 21, 2012 February 22, 2012 February 23, 2012 February 25, 2012 February 26, 2012 March 02, 2012 March 03, 2012 March 05, 2012 March 06, 2012 March 07, 2012 March 08, 2012 March 09, 2012 March 10, 2012 March 11, 2012 March 12, 2012 March 13, 2012 March 14, 2012 March 16, 2012 March 17, 2012 March 18, 2012 March 19, 2012 March 20, 2012 March 21, 2012 March 22, 2012 March 24, 2012 March 25, 2012 March 26, 2012 March 27, 2012 March 29, 2012 March 30, 2012 March 31, 2012 April 01, 2012 April 02, 2012 April 03, 2012 April 04, 2012 April 05, 2012 April 06, 2012 April 07, 2012 April 08, 2012 April 09, 2012 April 10, 2012 April 11, 2012 April 12, 2012 April 13, 2012 April 14, 2012 April 15, 2012 April 17, 2012 April 18, 2012 April 19, 2012 April 20, 2012 April 21, 2012 April 22, 2012 April 23, 2012 April 24, 2012 April 25, 2012 April 26, 2012 April 27, 2012 April 28, 2012 April 29, 2012 May 01, 2012 May 02, 2012 May 03, 2012 May 04, 2012 May 05, 2012 May 06, 2012 May 07, 2012 May 08, 2012 May 09, 2012 May 10, 2012 May 12, 2012 May 13, 2012 May 14, 2012 May 15, 2012 May 17, 2012 May 18, 2012 May 19, 2012 May 20, 2012 May 21, 2012 May 22, 2012 May 23, 2012 May 24, 2012 May 25, 2012 May 28, 2012 May 29, 2012 May 30, 2012 May 31, 2012 June 01, 2012 June 02, 2012 June 03, 2012 June 04, 2012 June 05, 2012 June 06, 2012 June 07, 2012 June 08, 2012 June 09, 2012 June 10, 2012 June 12, 2012 June 15, 2012 June 16, 2012 June 17, 2012 June 18, 2012 June 19, 2012 June 20, 2012 June 21, 2012 June 22, 2012 June 23, 2012 June 24, 2012 June 26, 2012 June 28, 2012 June 29, 2012 June 30, 2012 July 01, 2012 July 02, 2012 July 03, 2012 July 04, 2012 July 05, 2012 July 06, 2012 July 07, 2012 July 08, 2012 July 09, 2012 July 10, 2012 July 12, 2012 July 14, 2012 July 15, 2012 July 16, 2012 July 18, 2012 July 19, 2012 July 20, 2012 July 21, 2012 July 22, 2012 July 24, 2012 July 26, 2012 July 27, 2012 July 28, 2012 July 30, 2012 August 03, 2012 August 04, 2012 August 05, 2012 August 12, 2012 August 14, 2012 August 15, 2012 August 16, 2012 August 17, 2012 August 18, 2012 August 19, 2012 August 20, 2012 August 22, 2012 August 25, 2012 August 26, 2012 August 28, 2012 August 30, 2012 August 31, 2012 September 01, 2012 September 08, 2012 September 09, 2012 September 12, 2012 September 15, 2012 September 16, 2012 September 17, 2012 September 19, 2012 September 20, 2012 September 21, 2012 September 22, 2012 September 23, 2012 September 24, 2012 September 25, 2012 September 27, 2012 September 28, 2012 September 29, 2012 September 30, 2012 October 01, 2012 October 03, 2012 October 05, 2012 October 06, 2012 October 07, 2012 October 08, 2012 October 10, 2012 October 12, 2012 October 13, 2012 October 14, 2012 October 15, 2012 October 20, 2012 October 21, 2012 October 22, 2012 October 23, 2012 October 25, 2012 October 26, 2012 October 28, 2012 October 30, 2012 October 31, 2012 November 01, 2012 November 02, 2012 November 04, 2012 November 05, 2012 November 06, 2012 November 07, 2012 November 08, 2012 November 09, 2012 November 10, 2012 November 12, 2012 November 18, 2012 November 19, 2012 November 20, 2012 November 21, 2012 November 22, 2012 November 23, 2012 November 24, 2012 November 26, 2012 November 27, 2012 November 28, 2012 November 29, 2012 November 30, 2012 December 01, 2012 December 02, 2012 December 03, 2012 December 05, 2012 December 06, 2012 December 07, 2012 December 09, 2012 December 10, 2012 September 08, 2016 September 10, 2016 September 11, 2016 September 12, 2016 September 13, 2016 September 14, 2016 September 15, 2016 September 16, 2016 September 17, 2016 September 18, 2016 September 19, 2016 September 20, 2016 September 21, 2016 September 22, 2016 September 23, 2016 September 24, 2016 September 25, 2016 September 26, 2016 September 27, 2016 September 28, 2016 September 29, 2016 September 30, 2016 October 01, 2016 October 02, 2016 October 03, 2016 October 04, 2016 October 05, 2016 October 06, 2016 October 07, 2016 October 10, 2016 October 11, 2016 October 12, 2016 October 13, 2016 October 14, 2016 October 15, 2016 October 17, 2016 October 18, 2016 October 19, 2016 October 21, 2016 October 22, 2016 October 23, 2016 October 25, 2016 October 26, 2016 October 28, 2016 October 29, 2016 October 30, 2016 October 31, 2016 November 01, 2016 November 02, 2016 November 03, 2016 November 04, 2016 November 05, 2016 November 07, 2016 November 08, 2016 November 09, 2016 November 10, 2016 November 11, 2016 November 12, 2016 November 13, 2016 November 14, 2016 November 16, 2016 November 17, 2016 November 18, 2016 November 19, 2016 November 20, 2016 November 21, 2016 November 22, 2016 November 23, 2016 November 24, 2016 November 25, 2016 November 26, 2016 November 27, 2016 November 30, 2016 December 01, 2016 December 02, 2016 December 03, 2016 December 04, 2016 December 05, 2016 December 06, 2016 December 07, 2016 December 08, 2016 December 10, 2016 December 11, 2016 December 12, 2016 December 13, 2016 December 16, 2016 December 17, 2016 December 18, 2016 December 20, 2016 December 21, 2016 December 22, 2016 December 24, 2016 December 27, 2016 December 29, 2016 December 31, 2016 January 01, 2017 January 02, 2017 January 03, 2017 January 04, 2017 January 07, 2017 January 08, 2017 January 09, 2017 January 10, 2017 January 11, 2017 January 13, 2017 January 14, 2017 January 15, 2017 January 17, 2017 January 18, 2017 January 19, 2017 January 20, 2017 January 21, 2017 January 23, 2017 January 24, 2017 January 25, 2017 January 27, 2017 January 28, 2017 January 29, 2017 January 31, 2017 February 01, 2017 February 02, 2017 February 04, 2017 February 06, 2017 February 12, 2017 February 14, 2017 February 15, 2017 February 17, 2017 February 18, 2017 February 19, 2017 February 22, 2017 February 23, 2017 February 24, 2017 February 25, 2017 February 26, 2017 February 27, 2017 February 28, 2017 March 01, 2017 March 03, 2017 March 04, 2017 March 05, 2017 March 06, 2017 March 07, 2017 March 08, 2017 March 09, 2017 March 10, 2017 March 11, 2017 March 12, 2017 March 13, 2017 March 14, 2017 March 15, 2017 March 16, 2017 March 18, 2017 March 19, 2017 March 21, 2017 March 22, 2017 March 25, 2017 March 26, 2017 March 28, 2017 March 30, 2017 March 31, 2017 April 01, 2017 April 02, 2017 April 03, 2017 April 04, 2017 April 06, 2017 April 08, 2017 April 09, 2017 April 10, 2017 April 13, 2017 April 15, 2017 April 16, 2017 April 17, 2017 April 18, 2017 April 20, 2017 April 21, 2017 April 22, 2017 April 23, 2017 April 24, 2017 April 26, 2017 April 27, 2017 April 28, 2017 April 29, 2017 April 30, 2017 May 01, 2017 May 04, 2017 May 05, 2017 May 07, 2017 May 09, 2017 May 13, 2017 May 14, 2017 May 16, 2017 May 17, 2017 May 18, 2017 May 20, 2017 May 22, 2017 May 23, 2017 May 24, 2017 May 25, 2017 May 26, 2017 May 27, 2017 May 29, 2017 May 31, 2017 June 02, 2017 June 03, 2017 June 05, 2017 June 06, 2017 June 07, 2017 June 09, 2017 June 10, 2017 June 11, 2017 June 13, 2017 June 14, 2017 June 16, 2017 June 17, 2017 June 18, 2017 June 19, 2017 June 21, 2017 June 23, 2017 June 24, 2017 June 25, 2017 June 27, 2017 June 30, 2017 July 01, 2017 July 03, 2017 July 04, 2017 July 05, 2017 July 06, 2017 July 07, 2017 July 09, 2017 July 10, 2017 July 12, 2017 July 14, 2017 July 16, 2017 July 17, 2017 July 18, 2017 July 20, 2017 July 21, 2017 July 22, 2017 July 23, 2017 July 24, 2017 July 25, 2017 July 26, 2017 July 28, 2017 July 29, 2017 July 30, 2017 July 31, 2017 August 01, 2017 August 02, 2017 August 03, 2017 August 04, 2017 August 05, 2017 August 06, 2017 August 07, 2017 August 08, 2017 August 09, 2017 August 11, 2017 August 13, 2017 August 14, 2017 August 15, 2017 August 16, 2017 August 17, 2017 August 18, 2017 August 19, 2017 August 20, 2017 August 21, 2017 August 22, 2017 August 23, 2017 August 24, 2017 August 25, 2017 August 26, 2017 August 27, 2017 August 28, 2017 August 29, 2017 August 30, 2017 September 01, 2017 September 02, 2017 September 05, 2017 September 07, 2017 September 09, 2017 September 10, 2017 September 11, 2017 September 13, 2017 September 14, 2017 September 18, 2017 September 19, 2017 September 20, 2017 September 22, 2017 September 23, 2017 September 24, 2017 September 25, 2017 September 26, 2017 September 27, 2017 September 29, 2017 September 30, 2017 October 01, 2017 October 02, 2017 October 03, 2017 October 07, 2017 October 08, 2017 October 09, 2017 October 10, 2017 October 11, 2017 October 12, 2017 October 13, 2017 October 15, 2017 October 16, 2017 October 18, 2017 October 19, 2017 October 20, 2017 October 21, 2017 October 22, 2017 October 26, 2017 October 27, 2017 October 29, 2017 October 31, 2017 November 02, 2017 November 03, 2017 November 04, 2017 November 08, 2017 November 10, 2017 November 11, 2017 November 12, 2017 November 18, 2017 November 19, 2017 November 21, 2017 November 26, 2017 November 27, 2017 November 28, 2017 November 29, 2017 December 02, 2017 December 04, 2017 December 05, 2017 December 06, 2017 December 07, 2017 December 08, 2017 December 10, 2017 December 11, 2017 December 16, 2017 December 17, 2017 December 18, 2017 December 20, 2017 December 22, 2017 December 23, 2017 December 24, 2017 December 25, 2017 December 28, 2017 December 29, 2017 December 30, 2017 December 31, 2017 January 01, 2018 January 07, 2018 January 09, 2018 January 14, 2018 January 15, 2018 January 18, 2018 January 20, 2018 January 22, 2018 January 23, 2018 January 24, 2018 January 26, 2018 January 27, 2018 January 28, 2018 January 30, 2018 January 31, 2018 February 02, 2018 February 03, 2018 February 04, 2018 February 06, 2018 February 07, 2018 February 08, 2018 February 09, 2018 February 10, 2018 February 11, 2018 February 13, 2018 February 14, 2018 February 15, 2018 February 17, 2018 February 18, 2018 February 19, 2018 February 20, 2018 February 21, 2018 February 22, 2018 February 23, 2018 February 24, 2018 February 28, 2018 March 01, 2018 March 02, 2018 March 04, 2018 March 05, 2018 March 06, 2018 March 07, 2018 March 08, 2018 March 09, 2018 March 13, 2018 March 14, 2018 March 15, 2018 March 16, 2018 March 18, 2018 March 19, 2018 March 20, 2018 March 21, 2018 March 23, 2018 March 24, 2018 March 25, 2018 March 26, 2018 March 27, 2018 March 28, 2018 March 29, 2018 April 01, 2018 April 02, 2018 April 04, 2018 April 05, 2018 April 06, 2018 April 10, 2018 April 11, 2018 April 12, 2018 April 13, 2018 April 14, 2018 April 15, 2018 April 16, 2018 April 17, 2018 April 18, 2018 April 19, 2018 April 20, 2018 April 21, 2018 April 23, 2018 April 24, 2018 April 25, 2018 April 26, 2018 April 27, 2018 April 28, 2018 April 29, 2018 April 30, 2018 May 01, 2018 May 02, 2018 May 03, 2018 May 04, 2018 May 05, 2018 May 06, 2018 May 07, 2018 May 08, 2018 May 09, 2018 May 10, 2018 May 12, 2018 May 13, 2018 May 14, 2018 May 15, 2018 May 16, 2018 May 17, 2018 May 18, 2018 May 19, 2018 May 23, 2018 May 24, 2018 May 26, 2018 May 27, 2018 May 28, 2018 May 30, 2018 June 01, 2018 June 02, 2018 June 03, 2018 June 04, 2018 June 05, 2018 June 06, 2018 June 07, 2018 June 08, 2018 June 09, 2018 June 10, 2018 June 11, 2018 June 12, 2018 June 13, 2018 June 14, 2018 June 15, 2018 June 18, 2018 June 19, 2018 June 20, 2018 June 21, 2018 June 22, 2018 June 23, 2018 June 24, 2018 June 25, 2018 June 26, 2018 June 27, 2018 June 29, 2018 June 30, 2018 July 01, 2018 July 02, 2018 July 03, 2018 July 04, 2018 July 06, 2018 July 07, 2018 July 08, 2018 July 09, 2018 July 10, 2018 July 11, 2018 July 12, 2018 July 13, 2018 July 14, 2018 July 15, 2018 July 16, 2018 July 17, 2018 July 18, 2018 July 19, 2018 July 20, 2018 July 21, 2018 July 22, 2018 July 23, 2018 July 25, 2018 July 26, 2018 July 27, 2018 July 28, 2018 July 29, 2018 July 30, 2018 July 31, 2018 August 01, 2018 August 02, 2018 August 03, 2018 August 04, 2018 August 05, 2018 August 07, 2018 August 08, 2018 August 09, 2018 August 10, 2018 August 11, 2018 August 12, 2018 August 13, 2018 August 14, 2018 August 15, 2018 August 16, 2018 August 17, 2018 August 19, 2018 August 20, 2018 August 21, 2018 August 22, 2018 August 23, 2018 August 24, 2018 August 25, 2018 August 26, 2018 August 27, 2018 August 28, 2018 August 29, 2018 August 30, 2018 August 31, 2018 September 01, 2018 September 02, 2018 September 03, 2018 September 04, 2018 September 05, 2018 September 06, 2018 September 07, 2018 September 08, 2018 September 09, 2018 September 10, 2018 September 11, 2018 September 12, 2018 September 13, 2018 September 14, 2018 September 15, 2018 September 16, 2018 September 17, 2018 September 18, 2018 September 19, 2018 September 20, 2018 September 21, 2018 September 22, 2018 September 23, 2018 September 26, 2018 September 27, 2018 September 28, 2018 September 29, 2018 September 30, 2018 October 01, 2018 October 02, 2018 October 03, 2018 October 04, 2018 October 05, 2018 October 06, 2018 October 07, 2018 October 08, 2018 October 09, 2018 October 10, 2018 October 11, 2018 October 12, 2018 October 13, 2018 October 14, 2018 October 15, 2018 October 16, 2018 October 17, 2018 October 18, 2018 October 19, 2018 October 20, 2018 October 21, 2018 October 22, 2018 October 23, 2018 October 24, 2018 October 25, 2018 October 26, 2018 October 27, 2018 October 28, 2018 October 29, 2018 October 31, 2018 November 01, 2018 November 02, 2018 November 03, 2018 November 04, 2018 November 06, 2018 November 07, 2018 November 08, 2018 November 09, 2018 November 11, 2018 November 12, 2018 November 13, 2018 November 14, 2018 November 15, 2018 November 16, 2018 November 17, 2018 November 18, 2018 November 19, 2018 November 20, 2018 November 21, 2018 November 22, 2018 November 23, 2018 November 24, 2018 November 25, 2018 November 27, 2018 November 28, 2018 November 29, 2018 November 30, 2018 December 01, 2018 December 02, 2018 December 03, 2018 December 06, 2018 December 08, 2018 December 10, 2018 December 11, 2018 December 13, 2018 December 14, 2018 December 16, 2018 December 18, 2018 December 19, 2018 December 20, 2018 December 22, 2018 December 27, 2018 January 01, 2019 January 02, 2019 January 03, 2019 January 04, 2019 January 06, 2019 January 07, 2019 January 08, 2019 January 09, 2019 January 12, 2019 January 16, 2019 January 17, 2019 January 18, 2019 January 19, 2019 January 21, 2019 January 22, 2019 January 25, 2019 January 26, 2019 January 28, 2019 January 29, 2019 February 17, 2019 February 18, 2019 February 19, 2019 February 20, 2019 February 22, 2019 February 26, 2019 February 27, 2019 February 28, 2019 March 09, 2019 March 10, 2019 March 11, 2019 March 12, 2019 March 13, 2019 March 16, 2019 March 24, 2019 March 27, 2019 April 01, 2019

check links

Oleg Zabluda's blog

Wednesday, April 11, 2012

My first contribution to the python community from 2003. I reported bugs and potential security holes in getpass.py
My first contribution to the python community from 2003. I reported bugs and potential security holes in getpass.py
http://mail.python.org/pipermail/python-dev/2003-December/040579.html
Guido Van Rossum, later in the thread, decided they were not worth fixing.

In 2009, the bug/security hole were actually triggered, and it was noted that I reported this bug/security hole back in 2003:
http://bugs.python.org/issue7208
http://bugs.python.org/issue7208#msg94594

The proposed fix at the time was still incomplete. sync(2) can return before fd is flushed (see sync(2)), stream.flush() can fail (I/O error, user replaced flush(), etc...) or be interrupted (^C or other signal, ditto with tcsetattr)
or the thread can be canceled. If so, later I/O from a programmer to the stream might echo the password.

I didn't check the current state of getpass.py. The stated reason for even using it instead of getpass(2) is portability, but on platforms where getpass(2) are available (like glibc), it's best to use that, because it clearly received more scrutiny, and, even more importantly, it's used throughout the system (login, ssh, sudo, etc...) and if it is broken, the game over anyway, so it reduces defense perimeter.
http://mail.python.org/pipermail/python-dev/2003-December/040579.html

Labels: Oleg Zabluda

| |

Home

About Me