GNU bug report logs - #8427
[SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing

Previous Next

Package: emacs;

Reported by: Jari Aalto <jari.aalto <at> cante.net>

Date: Tue, 5 Apr 2011 11:28:01 UTC

Severity: normal

Tags: security

Found in version 23.2+1-7

Fixed in version 29.1

Done: Stefan Kangas <stefan <at> marxist.se>

Bug is archived. No further changes may be made.

Full log

Message #77 received at 8427 <at> debbugs.gnu.org (full text, mbox):

From: Michael Albinus <michael.albinus <at> gmx.de>
To: Andrew Hyatt <ahyatt <at> gmail.com>
Cc: "stefan <at> marxist.se" <stefan <at> marxist.se>,
 "8427 <at> debbugs.gnu.org" <8427 <at> debbugs.gnu.org>,
 Michael Mauger <mmauger <at> protonmail.com>
Subject: Re: bug#8427: [SECURITY] sql.el -- comint process passwords are
 leaked to ps(1) listing
Date: Mon, 30 Dec 2019 19:34:38 +0100

Andrew Hyatt <ahyatt <at> gmail.com> writes:

> --- a/etc/NEWS
> +++ b/etc/NEWS
>
> +---
> +**** sql now supports sending of passwords in-process.
> +To improve security, if a sql product has ':password-in-comint' set to
> +true, a password supplied via the minibuffer will be sent in-process,
> +as opposed to via the command-line.

I would say non-nil instead of true. Or do you mean t?

This bug report was last modified 3 years and 201 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #8427 [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing

GNU bug report logs - #8427
[SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing