From 693ad857a08b083f2cbea43a5fa79123394e339f Mon Sep 17 00:00:00 2001 From: "gregory.p.smith" Date: Sat, 31 Oct 2009 21:26:08 +0000 Subject: [PATCH] Fixes issue7208 - getpass would still allow the password to be echoed on Solaris due to not flushing the input buffer. This change also incorporates some additional getpass implementation suggestions for security based on an analysis of getpass.c linked to from the issue. git-svn-id: http://svn.python.org/projects/python/trunk@76000 6015fed2-1504-0410-9fe1-9d1591cc4771 --- Lib/getpass.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/Lib/getpass.py b/Lib/getpass.py index 9a1273cbc8..4745ea944c 100644 --- a/Lib/getpass.py +++ b/Lib/getpass.py @@ -62,12 +62,16 @@ def unix_getpass(prompt='Password: ', stream=None): try: old = termios.tcgetattr(fd) # a copy to save new = old[:] - new[3] &= ~termios.ECHO # 3 == 'lflags' + new[3] &= ~(termios.ECHO|termios.ISIG) # 3 == 'lflags' + tcsetattr_flags = termios.TCSAFLUSH + if hasattr(termios, 'TCSASOFT'): + tcsetattr_flags |= termios.TCSASOFT try: - termios.tcsetattr(fd, termios.TCSADRAIN, new) + termios.tcsetattr(fd, tcsetattr_flags, new) passwd = _raw_input(prompt, stream, input=input) finally: - termios.tcsetattr(fd, termios.TCSADRAIN, old) + termios.tcsetattr(fd, tcsetattr_flags, old) + stream.flush() # issue7208 except termios.error, e: if passwd is not None: # _raw_input succeeded. The final tcsetattr failed. Reraise @@ -125,6 +129,7 @@ def _raw_input(prompt="", stream=None, input=None): if prompt: stream.write(prompt) stream.flush() + # NOTE: The Python C API calls flockfile() (and unlock) during readline. line = input.readline() if not line: raise EOFError -- 2.11.4.GIT