Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #71866 > unrolled thread
| Started by | Nagy László Zsolt <gandalf@shopzeus.com> |
|---|---|
| First post | 2014-05-21 18:42 +0200 |
| Last post | 2014-07-06 15:52 -0400 |
| Articles | 4 — 3 participants |
Back to article view | Back to comp.lang.python
cx_freeze and temporary files - security related question Nagy László Zsolt <gandalf@shopzeus.com> - 2014-05-21 18:42 +0200
Re: cx_freeze and temporary files - security related question Richard Damon <Richard@Damon-Family.org> - 2014-07-06 09:21 -0400
Re: cx_freeze and temporary files - security related question William Ray Wing <wrw@mac.com> - 2014-07-06 15:04 -0400
Re: cx_freeze and temporary files - security related question Richard Damon <Richard@Damon-Family.org> - 2014-07-06 15:52 -0400
| From | Nagy László Zsolt <gandalf@shopzeus.com> |
|---|---|
| Date | 2014-05-21 18:42 +0200 |
| Subject | cx_freeze and temporary files - security related question |
| Message-ID | <mailman.10201.1400690604.18130.python-list@python.org> |
I need to create an application for Windows 7 that runs from a flash drive. This program would be used to create remote backups of the pendrive. The pendrive contains sensitive data, so when I plug in the pendrive and run the program to make a backup, it should not leave any trace of operation on the windows system. The information is so sensitive that I was forbidden to use cloud storage. I was also forbidden to make backups to a local drive, or leave any trace on the host windows system. The question is this: if I create this program with Python 3.4 and cx_Freeze, then what should I expect. When the user starts the cx_freeze-d program from the flash drive, will it create temporary files on the system drive? Will it leave log files or store any permanent or temporary data on the system drive (maybe in the user's tmp folder) that can later be used to tell what drive was mounted, with what parameters the program was started etc. Thanks
[toc] | [next] | [standalone]
| From | Richard Damon <Richard@Damon-Family.org> |
|---|---|
| Date | 2014-07-06 09:21 -0400 |
| Message-ID | <53cuv.255700$eG6.225581@fx29.iad> |
| In reply to | #71866 |
On 5/21/14, 12:42 PM, Nagy László Zsolt wrote: > I need to create an application for Windows 7 that runs from a flash > drive. This program would be used to create remote backups of the > pendrive. The pendrive contains sensitive data, so when I plug in the > pendrive and run the program to make a backup, it should not leave any > trace of operation on the windows system. The information is so > sensitive that I was forbidden to use cloud storage. I was also > forbidden to make backups to a local drive, or leave any trace on the > host windows system. > > The question is this: if I create this program with Python 3.4 and > cx_Freeze, then what should I expect. When the user starts the > cx_freeze-d program from the flash drive, will it create temporary files > on the system drive? Will it leave log files or store any permanent or > temporary data on the system drive (maybe in the user's tmp folder) that > can later be used to tell what drive was mounted, with what parameters > the program was started etc. > > Thanks > I am not sure about what temp files python might leave around, but if you are being ultimately paranoid about this, one risk that will be present is the possibility of leaving traces of data in the swap file. If the program doesn't specifically prohibit it, anything that is brought into memory (and the act of reading the pendrive will do this) might end up in the swap file. I can't imagine python having a run time option to force it to disable the swap file. If the data is as sensitive as they seem to want to treat it, perhaps you should follow the procedures of classified computing, which says that any storage medium "exposed" to classified computing becomes classified. This would say that you would use a dedicated machine to do these backups, and after doing them, you remove the hard disk from the machine and lock it up, only to be taken out for later backups. This level of paranoia says you don't need to be as concerned about figuring out what traces might be left, you assume they are and lock them up.
[toc] | [prev] | [next] | [standalone]
| From | William Ray Wing <wrw@mac.com> |
|---|---|
| Date | 2014-07-06 15:04 -0400 |
| Message-ID | <mailman.11553.1404673482.18130.python-list@python.org> |
| In reply to | #74012 |
On Jul 6, 2014, at 9:21 AM, Richard Damon <Richard@Damon-Family.org> wrote: > On 5/21/14, 12:42 PM, Nagy László Zsolt wrote: >> I need to create an application for Windows 7 that runs from a flash >> drive. This program would be used to create remote backups of the >> pendrive. The pendrive contains sensitive data, so when I plug in the >> pendrive and run the program to make a backup, it should not leave any >> trace of operation on the windows system. The information is so >> sensitive that I was forbidden to use cloud storage. I was also >> forbidden to make backups to a local drive, or leave any trace on the >> host windows system. >> >> The question is this: if I create this program with Python 3.4 and >> cx_Freeze, then what should I expect. When the user starts the >> cx_freeze-d program from the flash drive, will it create temporary files >> on the system drive? Will it leave log files or store any permanent or >> temporary data on the system drive (maybe in the user's tmp folder) that >> can later be used to tell what drive was mounted, with what parameters >> the program was started etc. >> >> Thanks >> > > I am not sure about what temp files python might leave around, but if you are being ultimately paranoid about this, one risk that will be present is the possibility of leaving traces of data in the swap file. If the program doesn't specifically prohibit it, anything that is brought into memory (and the act of reading the pendrive will do this) might end up in the swap file. > > I can't imagine python having a run time option to force it to disable the swap file. > > If the data is as sensitive as they seem to want to treat it, perhaps you should follow the procedures of classified computing, which says that any storage medium "exposed" to classified computing becomes classified. This would say that you would use a dedicated machine to do these backups, and after doing them, you remove the hard disk from the machine and lock it up, only to be taken out for later backups. This level of paranoia says you don't need to be as concerned about figuring out what traces might be left, you assume they are and lock them up. > — Furthermore, I don’t know about Windows, but on many UNIX-like OSs, the file system preserves the time the file was last accessed. If the goal is truly to leave no traces of the fact that the a group of files was backed up, this pretty well would be a red flag that they had been. -Bill
[toc] | [prev] | [next] | [standalone]
| From | Richard Damon <Richard@Damon-Family.org> |
|---|---|
| Date | 2014-07-06 15:52 -0400 |
| Message-ID | <mailman.11560.1404676606.18130.python-list@python.org> |
| In reply to | #74012 |
On 7/6/14, 3:04 PM, William Ray Wing wrote: > Furthermore, I don’t know about Windows, but on many UNIX-like OSs, > the file system preserves the time the file was last accessed. If the > goal is truly to leave no traces of the fact that the a group of files > was backed up, this pretty well would be a red flag that they had > been. -Bill I don't think the OP was concerned about leaving hints on the pen drive that it was backed up, but on the machine used to back it up. This is why my suggestion is, if you are concerned about leaving traces, lock up the drive with all the traces, just like you probably do all the backups. Then you can know that there aren't any traces left behind that you didn't think of. -- Richard Damon
[toc] | [prev] | [standalone]
Back to top | Article view | comp.lang.python
csiph-web