My knowledge of Unix input/output/devices is very hazy so could someone please tell me if the following is secure?
I log on to an account on a shared Unix server (Linux 2.6.18-6-686) using ssh (PuTTY). I start a python program and then type into it (python raw_input command) the username/password of an account on a web site it should log on to using SSL. The python executable is one I downloaded and built myself. Is it possible for someone with root privilege to see the username/password I type into the python program?
Root can do anything. Don't run it on a box where you do not trust root.
(The question is not well stated, though. The problem is not in the security of your terminal input, it's in the security of where that input ends up in the memory of a remote computer whose administrator you do not trust.)
era is right. On Linux, root can do anything. Just think about /dev/mem and /dev/kmem or LKM.
Root could create a program that would have access to all iomem and ioports.
Root could alter the kernel in any way so it would do anything (get out of the virtual memory and go straight to physical memory which only the kernel can touch)
Root could just ptrace() your terminal and see whatever you're typing.