GNU bug report logs - #8427
[SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing

Previous Next

Package: emacs;

Reported by: Jari Aalto <jari.aalto <at> cante.net>

Date: Tue, 5 Apr 2011 11:28:01 UTC

Severity: normal

Tags: security

Found in version 23.2+1-7

Fixed in version 29.1

Done: Stefan Kangas <stefan <at> marxist.se>

Bug is archived. No further changes may be made.

Full log

Message #32 received at 8427 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Kangas <stefan <at> marxist.se>
To: Andrew Hyatt <ahyatt <at> gmail.com>
Cc: Glenn Morris <rgm <at> gnu.org>, 8427 <at> debbugs.gnu.org,
 Stefan Monnier <monnier <at> iro.umontreal.ca>
Subject: Re: bug#8427: [SECURITY] sql.el -- comint process passwords are
 leaked to ps(1) listing
Date: Mon, 14 Oct 2019 00:09:14 +0200

Andrew Hyatt <ahyatt <at> gmail.com> writes:

>> Could you perhaps send your patch here for review?
>
> I no longer know where my changes are.   It's been a while.  But I think I can probably recreate them, which I'll try to do this week.
[...]
> The idea is that instead of connecting with the --password arg, it can be left out entirely, in which case the program should ask for it (which is secure).

Sounds good, thanks.

Best regards,
Stefan Kangas

This bug report was last modified 3 years and 201 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #8427 [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing

GNU bug report logs - #8427
[SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing