GNU bug report logs - #8427
[SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing

Previous Next

Package: emacs;

Reported by: Jari Aalto <jari.aalto <at> cante.net>

Date: Tue, 5 Apr 2011 11:28:01 UTC

Severity: normal

Tags: security

Found in version 23.2+1-7

Fixed in version 29.1

Done: Stefan Kangas <stefan <at> marxist.se>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Michael Mauger <michael <at> mauger.com>
To: "8427 <at> debbugs.gnu.org" <8427 <at> debbugs.gnu.org>
Subject: bug#8427: (no subject)
Date: Tue, 28 Feb 2012 15:35:25 -0800 (PST)

[Message part 1 (text/plain, inline)]
This is not a problem with just sql-mysql, its an issue with all database products that require a password.  MySql is one of the few that covers their tracks after they start up. When sql.el starts up one of these product interpreters that require a password, it embeds the password in the command line.  If the operating system, such as GNU/Linux, displays the full command line of executing processes, the vulnerability exists.

The alternative is to rely upon the operating system's authentication and authorization so that explicit credentials do not need to be passed to the command interpreter on the command line.  The one other solution provided by a couple of database products allow the credentials to be sent via an I/O channel which would hide them from prying eyes, but may be more difficult to support cross platform.

I'm open to including a warning about the potential vulnerability -- wording suggestions appreciated.  Alternative solutions also welcome.
[Message part 2 (text/html, inline)]
This bug report was last modified 3 years and 201 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.