On Thu, Nov 27, 2014 at 3:02 AM, Tim Daneliuk <tun...@tundraware.com> wrote: > On 11/26/2014 10:00 AM, random...@fastmail.us wrote: >> >> On Wed, Nov 26, 2014, at 10:55, Tim Daneliuk wrote: >>> >>> Nope. Password only exist in memory locally. >> >> >> How does it send it to the remote sudo? >> > > Over paramiko transport (ssh) and then only if it sees a custom > string coming back from sudo asking for the pw.
So, it does get sent on stdin to whatever program is on the other end. I would suggest a slightly safer approach: Instead of allowing a password to be entered at the sudo prompt, first run "sudo -v" (maybe -S as well to have it read stdin), which should be a self-contained "prompt for sudo password" command. Then have the actual command run as "sudo -n" for non-interactive mode. With most sane sudo setups, that should work, and it'll guarantee (as long as your I/O streams are separate for the separate programs) that the password will never be sent to the wrong program. Even so, I think your setup is pretty fragile. You'll do far better to reconfigure sudo than to try to fiddle all this around. ChrisA -- https://mail.python.org/mailman/listinfo/python-list
