GNU bug report logs - #8427
[SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing

Previous Next

Package: emacs;

Reported by: Jari Aalto <jari.aalto <at> cante.net>

Date: Tue, 5 Apr 2011 11:28:01 UTC

Severity: normal

Tags: security

Found in version 23.2+1-7

Fixed in version 29.1

Done: Stefan Kangas <stefan <at> marxist.se>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Andrew Hyatt <ahyatt <at> gmail.com>
To: Michael Albinus <michael.albinus <at> gmx.de>
Cc: "stefan <at> marxist.se" <stefan <at> marxist.se>, "8427 <at> debbugs.gnu.org" <8427 <at> debbugs.gnu.org>, Michael Mauger <mmauger <at> protonmail.com>
Subject: bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing
Date: Mon, 30 Dec 2019 14:26:21 -0500

[Message part 1 (text/plain, inline)]

I meant a true value, I agree, non-nil is a better way to say that.

Shall I just make that change and check in?

On Mon, Dec 30, 2019 at 1:34 PM Michael Albinus <michael.albinus <at> gmx.de>
wrote:

> Andrew Hyatt <ahyatt <at> gmail.com> writes:
>
> > --- a/etc/NEWS
> > +++ b/etc/NEWS
> >
> > +---
> > +**** sql now supports sending of passwords in-process.
> > +To improve security, if a sql product has ':password-in-comint' set to
> > +true, a password supplied via the minibuffer will be sent in-process,
> > +as opposed to via the command-line.
>
> I would say non-nil instead of true. Or do you mean t?
>

[Message part 2 (text/html, inline)]

This bug report was last modified 3 years and 201 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #8427 [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing

GNU bug report logs - #8427
[SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing