unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed
* bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing
@ 2011-04-05 11:27 Jari Aalto
  2012-02-28 23:35 ` bug#8427: (no subject) Michael Mauger
                   ` (2 more replies)
  0 siblings, 3 replies; 36+ messages in thread
From: Jari Aalto @ 2011-04-05 11:27 UTC (permalink / raw)
  To: 8427

Package: emacs
Version: 23.2+1-7
Severity: serious
Tags: security

There is a big security problem with sql.el:

    M-x sql-mysql
    <Fill in the connection details: user, password ...>

At command line, anyone in multi-user environment can dig out the
passwords:

   $ ps -ef -o user,pid,args | grep mysql       # ps(1) under SUN/Solaris
   foo  9599 /usr/local/bin/mysql --user=foo --password=123456 --host=db.example.com
   bar  3732 /usr/local/bin/mysql --user=bar --password=abcdef --host=db.example.com

Jari

P.S mysql(1) mentions that you can set database options in ~/.my.cnf file.

MySQL case, there is in manual page:

-- System Information
Debian Release: wheezy/sid
  APT Prefers testing
  APT policy: (990, testing) (500, unstable) (1, experimental)
Architecture: amd64
Kernel: Linux picasso 2.6.32-5-amd64 #1 SMP Wed Jan 12 03:40:32 UTC 2011 x86_64 GNU/Linux
Locale: LANG=en_US.UTF-8, LC_ALL=

-- Versions of packages `emacs depends on'.
Depends:
emacs23         23.2+1-7        GNU Emacs is the extensible self-documenting
emacs23-lucid   23.2+1-7        GNU Emacs is the extensible self-documenting
emacs23-nox     23.2+1-7        GNU Emacs is the extensible self-documenting





^ permalink raw reply	[flat|nested] 36+ messages in thread

end of thread, other threads:[~2021-11-05  7:11 UTC | newest]

Thread overview: 36+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-04-05 11:27 bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing Jari Aalto
2012-02-28 23:35 ` bug#8427: (no subject) Michael Mauger
2014-03-06  2:06 ` bug#8427: [SECURITY] sql.el -- comint process passwords are leaked to ps(1) listing Glenn Morris
2014-03-07 23:02   ` Stefan Monnier
2018-01-07 17:54     ` Andrew Hyatt
2019-10-06  3:28 ` Stefan Kangas
2019-10-13  1:51   ` Andrew Hyatt
2019-10-13 22:09     ` Stefan Kangas
     [not found]       ` <meny2xh8p4o.fsf@ahyatt-macbookpro6.roam.corp.google.com>
2019-10-20 15:57         ` bug#8427: Fwd: " Stefan Kangas
2019-10-20 16:02           ` Stefan Kangas
2019-10-21  0:56             ` Andrew Hyatt
2019-10-21 20:33               ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2019-11-02  1:10                 ` Andrew Hyatt
2019-11-02 19:41                   ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2019-11-11  5:31                     ` Andrew Hyatt
2019-12-16  4:59                       ` Andrew Hyatt
2019-12-16 15:12                         ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2019-12-18  6:15                           ` Andrew Hyatt
2019-12-18 12:45                             ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2019-12-18 16:57                               ` Eli Zaretskii
2019-12-18 17:52                                 ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2019-12-30 15:11                                   ` Andrew Hyatt
2019-12-30 18:34                                     ` Michael Albinus
2019-12-30 19:26                                       ` Andrew Hyatt
2019-12-30 19:39                                         ` Eli Zaretskii
2019-12-30 23:36                                           ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2020-09-21 12:45                                             ` Lars Ingebrigtsen
2021-10-12  5:05                                               ` Stefan Kangas
2021-10-13 16:05                                                 ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2021-10-13 17:47                                                   ` Stefan Kangas
2021-10-13 18:26                                                     ` Eli Zaretskii
2021-10-13 21:26                                                       ` Stefan Kangas
2021-10-19  4:37                                                         ` Michael Mauger via Bug reports for GNU Emacs, the Swiss army knife of text editors
2021-10-19 11:58                                                           ` Eli Zaretskii
2021-10-19 12:05                                                             ` Michael Albinus
2021-11-05  7:11                                                           ` Stefan Kangas

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).