From: Stefan Kangas <stefan@marxist.se>
To: Andrew Hyatt <ahyatt@gmail.com>
Cc: 8427@debbugs.gnu.org, Stefan Monnier <monnier@iro.umontreal.ca>
Subject: bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing
Date: Sun, 6 Oct 2019 05:28:00 +0200 [thread overview]
Message-ID: <CADwFkmk6LC1=oSyh17GAh4yZQFwzH70hyCecU1pu++4hBGg5pw@mail.gmail.com> (raw)
In-Reply-To: <87fwpxdjlk.fsf@blue.sea.net>
Hi Andrew,
Andrew Hyatt <ahyatt@gmail.com> writes:
> This is fairly easy to fix - mysql can check to see if the user entered
> a blank for the password prompt, and instead of not sending a password,
> send just the "--password" argument so the user can enter it into the
> process instead of the command line. I have a fix ready to check in
> that works for mysql (I'm not sure which other products support that).
I think using an empty "--pasword" parameter sounds like the right fix.
That makes mysql prompt for the password, and we could supply it there
instead. I guess that's what you meant?
Could you perhaps send your patch here for review?
> Alternatively, we can just have a variable that controls whether
> passwords are asked for on the command line at all (if sql-password is
> unset), which could default to nil, making the security better by
> default.
I'm not sure what this means, but I guess the above fix should be
enough. Perhaps I'm missing something.
> BTW, I guess the attack here is that another user process can use
> something like strace to snoop on emacs's child processeses and obtain
> the mysql password?
Well, according to the threads linked earlier this can still be a
problem on Solaris, where the password is visible to all users if they
just run "ps". Perhaps it's been fixed since whenever these comments
were written though...
> Stefan Monnier <monnier@iro.umontreal.ca> writes:
>
>>> Apparently, no they cannot, since mysql replaces the password characters
>>> with x's:
>>
>> Of course, that still leaves the chars exposed during a short time window.
And as Stefan explains here the password is still exposed during a
short time window even on GNU/Linux. AFAIU, it's a possible race
attack which it would be nice to avoid.
Best regards,
Stefan Kangas
next prev parent reply other threads:[~2019-10-06 3:28 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-05 11:27 bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing Jari Aalto
2012-02-28 23:35 ` bug#8427: (no subject) Michael Mauger
2014-03-06 2:06 ` bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing Glenn Morris
2014-03-07 23:02 ` Stefan Monnier
2018-01-07 17:54 ` Andrew Hyatt
2019-10-06 3:28 ` Stefan Kangas [this message]
2019-10-13 1:51 ` Andrew Hyatt
2019-10-13 22:09 ` Stefan Kangas
[not found] ` <meny2xh8p4o.fsf@ahyatt-macbookpro6.roam.corp.google.com>
2019-10-20 15:57 ` bug#8427: Fwd: " Stefan Kangas
2019-10-20 16:02 ` Stefan Kangas
2019-10-21 0:56 ` Andrew Hyatt
2019-10-21 20:33 ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2019-11-02 1:10 ` Andrew Hyatt
2019-11-02 19:41 ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2019-11-11 5:31 ` Andrew Hyatt
2019-12-16 4:59 ` Andrew Hyatt
2019-12-16 15:12 ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2019-12-18 6:15 ` Andrew Hyatt
2019-12-18 12:45 ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2019-12-18 16:57 ` Eli Zaretskii
2019-12-18 17:52 ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2019-12-30 15:11 ` Andrew Hyatt
2019-12-30 18:34 ` Michael Albinus
2019-12-30 19:26 ` Andrew Hyatt
2019-12-30 19:39 ` Eli Zaretskii
2019-12-30 23:36 ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2020-09-21 12:45 ` Lars Ingebrigtsen
2021-10-12 5:05 ` Stefan Kangas
2021-10-13 16:05 ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2021-10-13 17:47 ` Stefan Kangas
2021-10-13 18:26 ` Eli Zaretskii
2021-10-13 21:26 ` Stefan Kangas
2021-10-19 4:37 ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2021-10-19 11:58 ` Eli Zaretskii
2021-10-19 12:05 ` Michael Albinus
2021-11-05 7:11 ` Stefan Kangas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CADwFkmk6LC1=oSyh17GAh4yZQFwzH70hyCecU1pu++4hBGg5pw@mail.gmail.com' \
--to=stefan@marxist.se \
--cc=8427@debbugs.gnu.org \
--cc=ahyatt@gmail.com \
--cc=monnier@iro.umontreal.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).