GNU bug report logs - #8427
[SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing
Reported by: Jari Aalto <jari.aalto <at> cante.net>
Date: Tue, 5 Apr 2011 11:28:01 UTC
Severity: normal
Tags: security
Found in version 23.2+1-7
Fixed in version 29.1
Done: Stefan Kangas <stefan <at> marxist.se>
Bug is archived. No further changes may be made.
Message #38 received at 8427 <at> debbugs.gnu.org:
(Please keep the bug address in Cc.)
Andrew Hyatt <ahyatt <at> gmail.com> writes:
> I'm attaching the fix. The fix for MySQL was fairly straightforward. I
> tried it out, and it works.
I'm not sure this is the right fix. How is the user to know that the
correct thing is to provide an empty password when prompted for it?
Why do we even prompt for the password then?
Also, what if a user wants to log in to an account that has no
password? Should we really pass the "--password" parameter in that
case? Does that work?
I think something like this would be better:
1. Keep the password prompt.
2. Use the naked "--password" parameter only when the user *has*
entered a password, and use nothing when the user entered nothing.
3. Never use the "--password=<foo>" parameter.
4. When mysql prompts for the password, send it to the process
automatically, without user interaction.
> I looked through sql.el for similar issues,
> and was able to fix Vertica as well, although I've never heard of
> Vertica before and couldn't test it out. Parameters were set according
> to the docs at
> https://www.vertica.com/docs/9.2.x/HTML/Content/Authoring/ConnectingToVertica/vsql/CommandLineOptions.htm,
> which does match the existing code.
Unless someone can test it, perhaps we should leave out the Vertica part?
Thanks for working on this.
Best regards,
Stefan Kangas
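The scheme in points 1 to 4 of the message above, written out as an added Emacs Lisp example; this is not sql.el's code or the attached patch, the `my-sql-` names are hypothetical, and it assumes mysql(1) prints "Enter password:" on its tty (which comint provides as a pty).

```elisp
;; Added example, not code from sql.el or from the patch discussed above.
;; Names prefixed `my-sql-' are hypothetical.  Assumes mysql(1) prints
;; "Enter password:" on its tty, which comint provides as a pty.
(require 'comint)

(defun my-sql-mysql-args (user database password)
  "Return mysql(1) arguments for USER and DATABASE.
PASSWORD never becomes part of an argument, so it cannot appear in
ps(1) output.  A bare \"--password\" is added only when a non-empty
password was entered; with no password, nothing is passed."
  (append
   (unless (or (null user) (string= user ""))
     (list (concat "--user=" user)))
   (unless (or (null password) (string= password ""))
     (list "--password"))
   (unless (or (null database) (string= database ""))
     (list database))))

(defun my-sql-password-filter (output)
  "Comint output filter: answer mysql's password prompt without user input.
The password waits in the process property `my-sql-password', is sent
once when the prompt appears, and is then wiped."
  (let* ((process (get-buffer-process (current-buffer)))
         (password (and process (process-get process 'my-sql-password))))
    (when (and password (string-match-p "Enter password: *\\'" output))
      (process-send-string process (concat password "\n"))
      (clear-string password)                ; zero the secret in place
      (process-put process 'my-sql-password nil))))

(defun my-sql-start-mysql (user database)
  "Prompt for the password inside Emacs, then start mysql in comint."
  (let* ((password (read-passwd (format "Password for %s: " user)))
         (buffer (apply #'make-comint "my-sql" "mysql" nil
                        (my-sql-mysql-args user database password)))
         (process (get-buffer-process buffer)))
    (unless (string= password "")
      (process-put process 'my-sql-password password))
    (with-current-buffer buffer
      ;; Comint's own `comint-watch-for-password-prompt' would ask the user
      ;; again; run this buffer with the default filters minus that one.
      (setq-local comint-output-filter-functions
                  (cons #'my-sql-password-filter
                        (remq #'comint-watch-for-password-prompt
                              (default-value
                               'comint-output-filter-functions)))))
    (pop-to-buffer buffer)))
```

With this, `ps` shows only `mysql --user=... --password ...` and the secret travels over the pty once; the filter assumes the prompt arrives in a single output chunk.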