
I have seen numerous examples of using a sudo password with paramiko. For example: "How to run sudo with paramiko? (Python)"

Since the password is written to stdin, is it possible to read the password in clear text on the target server using some native Linux tools, some special audit software or similar? Is it recorded in some log file, etc.?

  • If you're using ssh the connection should be encrypted, so the entire communication will be unreadable. – fedterzi May 26 '16 at 15:52
  • @fedterzi I am not worried about someone sniffing the network, I am worried about someone reading the password in the log files on the target server since the password is actually written to the stdin: `stdin.write('mypass\n'); stdin.flush()` – Yagosh Bessovity May 27 '16 at 06:57
  • It could be read from history files (like `.bash_history`) if `sudo` for some reason cannot be accessed (uninstalled, deleted, wrong `PATH`, etc.), so you might want to check if it exists before writing to stdin. Otherwise, if `sudo` executes correctly, you will be fine. – fedterzi May 27 '16 at 07:23
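
One way to implement the check suggested in the last comment (confirm that `sudo` resolves on the remote host before anything is written to stdin), as an added example that is not part of the original thread. `run_sudo`, `FakeStream` and `FakeClient` are hypothetical names; the fakes are constructed stand-ins so the block runs offline, and with a real connection `client` would be a connected `paramiko.SSHClient`.

```python
def run_sudo(client, command, password):
    """Run `command` under sudo; send the password on stdin only if sudo exists."""
    # Probe first: `command -v` exits non-zero when the name does not resolve.
    _, probe_out, _ = client.exec_command("command -v sudo")
    if probe_out.channel.recv_exit_status() != 0:
        raise RuntimeError("sudo not found on remote host; password not sent")
    # -S: read the password from stdin; -p '': no prompt text in the output.
    # The password travels only on stdin, never in the command string.
    stdin, stdout, stderr = client.exec_command("sudo -S -p '' -- " + command)
    stdin.write(password + "\n")
    stdin.flush()
    stdin.channel.shutdown_write()  # signal EOF so nothing waits for more input
    out, err = stdout.read().decode(), stderr.read().decode()
    return stdout.channel.recv_exit_status(), out, err


class FakeStream:
    """Constructed stand-in for a paramiko channel file (and its channel)."""
    def __init__(self, data=b"", status=0):
        self.data, self.status, self.written = data, status, []
        self.channel = self
    def read(self): return self.data
    def write(self, text): self.written.append(text)
    def flush(self): pass
    def shutdown_write(self): pass
    def recv_exit_status(self): return self.status


class FakeClient:
    """Constructed stand-in for an SSH client; `has_sudo` is an assumption."""
    def __init__(self, has_sudo):
        self.has_sudo, self.commands, self.stdin = has_sudo, [], FakeStream()
    def exec_command(self, cmd):
        self.commands.append(cmd)
        if cmd == "command -v sudo":
            found = FakeStream(b"/usr/bin/sudo\n", 0)
            return FakeStream(), found if self.has_sudo else FakeStream(b"", 1), FakeStream()
        return self.stdin, FakeStream(b"root\n"), FakeStream()


if __name__ == "__main__":
    print(run_sudo(FakeClient(has_sudo=True), "whoami", "constructed-password"))
```
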

0 Answers