Path to in-memory-file without dumping in tmp - McMap

About

Path to in-memory-file without dumping in tmp

Asked 6/2, 2018 at 11:9 Answered 30/1, 2023 at 10:54

python encryption mmap in-memory data-protection

U

1

21

Is there a way in python to get the path to the in-memory file, so it'll behave as a normal file for methods which needs file path?

My objective is to protect the file, so avoiding dumping into /tmp.

Trying to read an encrypted file -> decrypt a file into memory -> use its path for other interfaces.

mmap does not provide path or filename.

Or any alternative solution for this problem ?

Uela answered 6/2, 2018 at 11:9 Comment(6)

Check if #44673024 answers your question – Emigrant 6/2, 2018 at 11:14

Use /run – Warrantable 6/2, 2018 at 11:25

A path can lead to a file only within a mounted filesystem. – Indicia 28/1, 2023 at 16:15

@Adam Matan - Does "in-memory" for your purposes mean volatile memory or non-volatile memory. I have an answer for one but not the other. – Cinerama 30/1, 2023 at 1:17

Is there a reason why you can't use file-like object (io.BytesIO) instead of a path? – Electrotechnology 30/1, 2023 at 10:28

What created the in-memory file? Was it originally created in memory? – Arsenault 30/1, 2023 at 13:47

E

5

Your tags don't mention an operating system but I assume you run Linux since you mentioned /tmp. In that case, you can use /dev/shm. It's the directory which is used for POSIX shared memory and is typically the mount point for a tmpfs filesystem. So it stays in memory unless the system has to swap but that's no different from your regular process memory.

That means this should work for you:

with tempfile.NamedTemporaryFile(dir='/dev/shm') as memfile:
    size = 1024
    memfile.file.truncate(size)
    mapped = mmap.mmap(memfile.file.fileno(), size)

I should mention that this is obviously non-portable, even to other Unix systems.

As far as this whole endeavour is concerned: One may question the point of it. What scenario are you protecting against? Named temporary files are already created with read-permissions set to user-only, so there are only three ways to read it:

Attacker has root privileges. At that point all is lost anyway
Attacker has the same user privileges. At that point they can just read your process memory
Attacker has physical access and can read the file system / underlying disk. If that is a viable attack vector, disk encryption should be the primary defence

Of course there is nothing wrong with some defence in the deep.

Alternative

Here is another fun little trick: Use /proc/<pid>/fd

with tempfile.TemporaryFile() as outfile:
    outfile.write(b"Username, Password")
    outfile.flush()
    filepath = f"/proc/{os.getpid()}/fd/{outfile.fileno()}"
    content = open(filepath).read()

By my account it isn't any more secure (as discussed above) or portable, but maybe a bit more obfuscated. Plus, since the unnamed file is backed by the /tmp filesystem, it can potentially be much larger than the shared memory in /dev/shm

Expugnable answered 30/1, 2023 at 10:54 Comment(7)

The OP states in the question that mmap does not provide path or filename. Based on this, I believe that the OP is trying to access a file that they didn't create. – Arsenault 30/1, 2023 at 13:57

@Lifeiscomplex well, if that's what they mean then they are out of luck anyway, unless the want to resort to some of the shenanigans outlined here. And since this question is 5 years old, I'd be very surprised if OP responds to clarify – Expugnable 30/1, 2023 at 14:30

The new OP is Adam Matan, which added the bounty, so maybe he will provide more insight on his current issue as it relates to the original question. – Arsenault 30/1, 2023 at 14:48

To answer your question, What scenario are you protecting against? The attacker has root privileges, can access the encrypted file but does not have the key. The key was baked into the source code. At that time our company was delivering AI models in docker containers which will run alongside containers of other vendors. So we didn't want customer/other vendors to copy our models from the running container. – Uela 1/2, 2023 at 10:18

@ShubhamJain I'm no expert in code obfuscation or docker but if the attacker has root, what stops them from simply dumping your program memory once the model is loaded? Or since you are running Python, simply attaching a debugger? – Expugnable 1/2, 2023 at 16:17

Let's not digress from this topic of this question. You can assume it was taken care off by customizing the docker environment. – Uela 2/2, 2023 at 8:31

My use case is a Python library trying to read credentials from a file. I have the credentials as an in-memory string and want an elegant solution to pass it to the library. – Serenaserenade 2/2, 2023 at 12:35

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.