[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps
|
From: |
Andrew Hyatt |
|
Subject: |
bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing |
|
Date: |
Sun, 07 Jan 2018 12:54:31 -0500 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.2 (darwin) |
This is fairly easy to fix - mysql can check to see if the user entered
a blank for the password prompt, and instead of not sending a password,
send just the "--password" argument so the user can enter it into the
process instead of the command line. I have a fix ready to check in
that works for mysql (I'm not sure which other products support that).
Alternatively, we can just have a variable that controls whether
passwords are asked for on the command line at all (if sql-password is
unset), which could default to nil, making the security better by
default.
BTW, I guess the attack here is that another user process can use
something like strace to snoop on emacs's child processeses and obtain
the mysql password?
Stefan Monnier <monnier@iro.umontreal.ca> writes:
>> Apparently, no they cannot, since mysql replaces the password characters
>> with x's:
>
> Of course, that still leaves the chars exposed during a short time window.
>
>
> Stefan
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing,
Andrew Hyatt <=