GNU bug report logs - #8427
[SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing

Previous Next

Package: emacs;

Reported by: Jari Aalto <jari.aalto <at> cante.net>

Date: Tue, 5 Apr 2011 11:28:01 UTC

Severity: normal

Tags: security

Found in version 23.2+1-7

Fixed in version 29.1

Done: Stefan Kangas <stefan <at> marxist.se>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Michael Mauger <mmauger <at> protonmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: "ahyatt <at> gmail.com" <ahyatt <at> gmail.com>, "8427 <at> debbugs.gnu.org" <8427 <at> debbugs.gnu.org>, "stefan <at> marxist.se" <stefan <at> marxist.se>
Subject: bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing
Date: Wed, 18 Dec 2019 17:52:44 +0000

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, December 18, 2019 11:57 AM, Eli Zaretskii <eliz <at> gnu.org> wrote:

> On Wed, 18 Dec 2019 12:45:27 +0000, Michael Mauger wrote:
> > Below is my first
> > take on the changes to comint.el needed to add a hook that we
> > could use in sql.el to supply the password. I think we ought
> > to run this by emacs-devel and Eli before merging it.
>
> I'm okay with adding this hook, but please mention this hook and its
> rationale in NEWS.
>
> Please also feel free to ask on emacs-devel for comments, if you want.
>
> Thanks.

I'll put together the patch for comint.el and NEWS and commit it.

Andrew, you can then simplify your sql.el patches appropriately along
with corresponding NEWS entry and we can review before you commit. Thanks!

--
MICHAEL <at> MAUGER.COM // FSF and EFF member // GNU Emacs sql.el maintainer</eliz <at> gnu.org>
This bug report was last modified 3 years and 201 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.