Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
|
google unix.com
|
|||||||
| Forums | Register | Forum Rules | Links | Albums | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
 |
| Security Discuss UNIX and Linux computer and network security, cybersecurity, cyberattacks, IT security, CISSP, OWASP and more. |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Pseudo-terminal will not be allocated because stdin is not a terminal. | Shivdatta | UNIX for Advanced & Expert Users | 1 | 08-04-2008 10:29 AM |
| Don't show keyboard input on terminal | marianor31 | Shell Programming and Scripting | 1 | 03-23-2007 06:54 PM |
| Secure FTP Problem using Sun SSH on Client system F-Secure on Server system | ftpguy | SUN Solaris | 2 | 01-11-2007 12:19 PM |
| connecting to unix through hyper terminal - as a dumb terminal | michelle | UNIX for Advanced & Expert Users | 2 | 11-05-2001 03:32 PM |
| How to suppress input keying from displaying on terminal. | liteyear18 | UNIX for Dummies Questions & Answers | 2 | 07-19-2001 09:13 AM |
 |
Powered by 
|
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
|
|
08-14-2008
|
||||
|
||||
|
Is my terminal input secure?
My knowledge of Unix input/output/devices is very hazy so could someone please tell me if the following is secure?
I log on to an account on a shared Unix server (Linux 2.6.18-6-686) using ssh (PuTTY). I start a python program and then type into it (python raw_input command) the username/password of an account on a web site it should log on to using SSL. The python executable is one I downloaded and built myself. Is it possible for someone with root privilege to see the username/password I type into the python program? Thanks very much in advance. |
|
08-14-2008
|
||||
|
||||
|
Root can do anything. Don't run it on a box where you do not trust root.
(The question is not well stated, though. The problem is not in the security of your terminal input, it's in the security of where that input ends up in the memory of a remote computer whose administrator you do not trust.) |
|
08-14-2008
|
||||
|
||||
|
era is right. On Linux, root can do anything. Just think about /dev/mem and /dev/kmem or LKM.
1. Root could create a program that would have access to all iomem and ioports. 2. Root could alter the kernel in any way so it would do anything (get out of the virtual memory and go straight to physical memory which only the kernel can touch) 3. Root could just ptrace() your terminal and see whatever you're typing. |
|
| Bookmarks |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Hybrid Mode
