diff options
| author | Gregory P. Smith <greg@mad-scientist.com> | 2009-11-01 18:31:13 (GMT) |
|---|---|---|
| committer | Gregory P. Smith <greg@mad-scientist.com> | 2009-11-01 18:31:13 (GMT) |
| commit | 6da85f947f0c03a9fde7de4a9386498be8eaaa94 (patch) | |
| tree | a20c527f892bd493169c680b0812bf23d79f4ea6 | |
| parent | f44aa34ceec6e6d068802946f759d2db4bdc1087 (diff) | |
| download | cpython-6da85f947f0c03a9fde7de4a9386498be8eaaa94.zip cpython-6da85f947f0c03a9fde7de4a9386498be8eaaa94.tar.gz cpython-6da85f947f0c03a9fde7de4a9386498be8eaaa94.tar.bz2 | |
Merged revisions 76000 via svnmerge from
svn+ssh://pythondev@svn.python.org/python/trunk
........
r76000 | gregory.p.smith | 2009-10-31 14:26:08 -0700 (Sat, 31 Oct 2009) | 7 lines
Fixes issue7208 - getpass would still allow the password to be echoed on
Solaris due to not flushing the input buffer.
This change also incorporates some additional getpass implementation
suggestions for security based on an analysis of getpass.c linked to from the
issue.
........
| -rw-r--r-- | Lib/getpass.py | 11 | ||||
| -rw-r--r-- | Misc/NEWS | 6 |
2 files changed, 14 insertions, 3 deletions
diff --git a/Lib/getpass.py b/Lib/getpass.py index 05e9b72..3ca7fb2 100644 --- a/Lib/getpass.py +++ b/Lib/getpass.py @@ -62,12 +62,16 @@ def unix_getpass(prompt='Password: ', stream=None): try: old = termios.tcgetattr(fd) # a copy to save new = old[:] - new[3] &= ~termios.ECHO # 3 == 'lflags' + new[3] &= ~(termios.ECHO|termios.ISIG) # 3 == 'lflags' + tcsetattr_flags = termios.TCSAFLUSH + if hasattr(termios, 'TCSASOFT'): + tcsetattr_flags |= termios.TCSASOFT try: - termios.tcsetattr(fd, termios.TCSADRAIN, new) + termios.tcsetattr(fd, tcsetattr_flags, new) passwd = _raw_input(prompt, stream, input=input) finally: - termios.tcsetattr(fd, termios.TCSADRAIN, old) + termios.tcsetattr(fd, tcsetattr_flags, old) + stream.flush() # issue7208 except termios.error, e: if passwd is not None: # _raw_input succeeded. The final tcsetattr failed. Reraise @@ -125,6 +129,7 @@ def _raw_input(prompt="", stream=None, input=None): if prompt: stream.write(prompt) stream.flush() + # NOTE: The Python C API calls flockfile() (and unlock) during readline. line = input.readline() if not line: raise EOFError @@ -24,6 +24,12 @@ Core and Builtins Library ------- +- Issue #7246 & Issue #7208: getpass now properly flushes input before + reading from stdin so that existing input does not confuse it and + lead to incorrect entry or an IOError. It also properly flushes it + afterwards to avoid the terminal echoing the input afterwards on + OSes such as Solaris. + - Issue #7244: itertools.izip_longest() no longer ignores exceptions raised during the formation of an output tuple. |