GNU bug report logs - #8427
[SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing

Previous Next

Package: emacs;

Reported by: Jari Aalto <jari.aalto <at> cante.net>

Date: Tue, 5 Apr 2011 11:28:01 UTC

Severity: normal

Tags: security

Found in version 23.2+1-7

Fixed in version 29.1

Done: Stefan Kangas <stefan <at> marxist.se>

Bug is archived. No further changes may be made.

Full log

Message #23 received at 8427 <at> debbugs.gnu.org (full text, mbox):

From: Andrew Hyatt <ahyatt <at> gmail.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: Glenn Morris <rgm <at> gnu.org>, 8427 <at> debbugs.gnu.org
Subject: Re: bug#8427: [SECURITY] sql.el -- comint process passwords are
 leaked to ps(1) listing
Date: Sun, 07 Jan 2018 12:54:31 -0500

This is fairly easy to fix - mysql can check to see if the user entered
a blank for the password prompt, and instead of not sending a password,
send just the "--password" argument so the user can enter it into the
process instead of the command line.  I have a fix ready to check in
that works for mysql (I'm not sure which other products support that).

Alternatively, we can just have a variable that controls whether
passwords are asked for on the command line at all (if sql-password is
unset), which could default to nil, making the security better by
default.

BTW, I guess the attack here is that another user process can use
something like strace to snoop on emacs's child processeses and obtain
the mysql password?

Stefan Monnier <monnier <at> iro.umontreal.ca> writes:

>> Apparently, no they cannot, since mysql replaces the password characters
>> with x's:
>
> Of course, that still leaves the chars exposed during a short time window.
>
>
>         Stefan
This bug report was last modified 3 years and 201 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.