GNU bug report logs - #8427
[SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing
Reported by: Jari Aalto <jari.aalto <at> cante.net>
Date: Tue, 5 Apr 2011 11:28:01 UTC
Severity: normal
Tags: security
Found in version 23.2+1-7
Fixed in version 29.1
Done: Stefan Kangas <stefan <at> marxist.se>
Bug is archived. No further changes may be made.
Message #65 received at 8427 <at> debbugs.gnu.org (full text, mbox):
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, December 18, 2019 6:15 AM, Andrew Hyatt <ahyatt <at> gmail.com> wrote:
> Hi Michael,
>
> I'm happy to merge this in. I have FSF paperwork done and already have commit access.
>
> However, I agree with you about pushing logic into comint. As I mentioned before, it would help simplify the logic here. It might be best to not check this in and see what an alternate solution might be first, based on comint. I can work on that soon and get a patch out in the next week or so.
>
> On Mon, Dec 16, 2019 at 10:12 AM Michael Mauger <mmauger <at> protonmail.com> wrote:
>
> > -------- Original Message --------
> > On Dec 15, 2019, 11:59 PM, Andrew Hyatt < ahyatt <at> gmail.com> wrote:
> > > Any input on this? I believe this fixes the issue, and would prefer to
> > > revise this while I still remember the details. I'm happy to submit this
> > > as well.
> >
I had a chance to look at this last night; I've had a couple of days away from home and took advantage of it. Below is my first take on the changes to comint.el needed to add a hook that we could use in sql.el to supply the password. I think we ought to run this by emacs-devel and Eli before merging it.
*** /usr/local/share/emacs/27.0.50/lisp/comint.el 2019-12-18 07:26:14.268274791 -0500
--- /home/michael/my-config/user-lisp/override/comint.el 2019-12-17 23:10:08.433852481 -0500
***************
*** 2356,2361 ****
--- 2356,2368 ----
;; saved -- typically passwords to ftp, telnet, or somesuch.
;; Just enter m-x comint-send-invisible and type in your line.
+ (defvar comint-password-function nil
+ "Abnormal hook run when prompted for a password.
+ This function gets one argument, a string containing the prompt.
+ It may return a string containing the password, or nil if normal
+ password prompting should occur.")
+ (put 'comint-password-function 'permanent-local t)
+
(defun comint-send-invisible (&optional prompt)
"Read a string without echoing.
Then send it to the process running in the current buffer.
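Review bot: the `(put 'comint-password-function 'permanent-local t)` line makes a buffer-local value survive a major-mode change, so a function that hands out a password stays installed in the buffer after the mode that set it has been replaced; either drop the property or explain in the docstring why it is needed. The docstring should also say that the variable is meant to be set buffer-locally and that the function must inspect the prompt before returning anything, since a global value would be consulted for every password prompt in every comint buffer (the comment above mentions ftp and telnet). It also reads "Abnormal hook", while the second hunk calls the value with a single `funcall`, so "Function called when prompted for a password" would describe it more accurately.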
***************
*** 2370,2377 ****
(format "(In buffer %s) "
(current-buffer)))))
(if proc
! (let ((str (read-passwd (concat prefix
! (or prompt "Non-echoed text: ")))))
(if (stringp str)
(progn
(comint-snapshot-last-prompt)
--- 2377,2389 ----
(format "(In buffer %s) "
(current-buffer)))))
(if proc
! (let ((prefix-prompt (concat prefix
! (or prompt "Non-echoed text: ")))
! str)
! (when comint-password-function
! (setq str (funcall comint-password-function prefix-prompt)))
! (unless str
! (setq str (read-passwd prefix-prompt)))
(if (stringp str)
(progn
(comint-snapshot-last-prompt)
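Review bot: in the new `let` body, a non-nil return from `comint-password-function` that is not a string skips the `read-passwd` fallback and then fails the `(stringp str)` test, so the user is never prompted; testing `(unless (stringp str) ...)` instead of `(unless str ...)` keeps the fallback for any bad return value. The function is also handed `prefix-prompt`, which can carry the "(In buffer %s) " prefix and the "Non-echoed text: " default, rather than the bare prompt the docstring describes; pass `prompt` itself or document what the argument contains, so that matching functions are not written against the wrong string.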
Let me know your thoughts
--
MICHAEL <at> MAUGER.COM // FSF and EFF member // GNU Emacs sql.el maintainer
This bug report was last modified 3 years and 201 days ago.